common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License

feat: Use aws:username for IAM initiated federated console sessions. #626

Closed matthewhembree closed 3 months ago

matthewhembree commented 3 months ago

What changed?

Closes #625

The changes refactor the way the federation token ID is used for AWS IAM credentials. Instead of relying on the userID that was previously parsed, the code now uses the userName, which is more easily attributable to the IAM user name in the CloudTrail event list view.

Old: [screenshot]

New: [screenshot]

Why?

In the CloudTrail console's event history view, the IAM user name will now display in the user name column. Previously, the user ID would display (e.g. AIDA.....).

How did you test it?

  1. Added an IAM credential with granted credentials add.
  2. Opened a console session with assume -c.
  3. Created an S3 bucket through the S3 console.

Potential risks

Is patch release candidate?

Link to relevant docs PRs
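The attribution change above, as an added example that is not granted's own code: it assumes the IAM user name is taken from the ARN that sts:GetCallerIdentity returns (hypothetical helper UserNameFromARN) and is then passed as the Name parameter of sts:GetFederationToken, whose 2-32 character limit and restricted character set are narrower than IAM user names (up to 64 characters), so the name is validated and truncated before use.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Limits that STS GetFederationToken places on its Name parameter.
const (
	federationNameMinLen = 2
	federationNameMaxLen = 32
)

var federationNameAllowed = regexp.MustCompile(`^[\w+=,.@-]+$`)

// UserNameFromARN extracts the IAM user name from a caller-identity ARN such as
// arn:aws:iam::123456789012:user/alice (assumed source of the name; any IAM
// path prefix such as user/eng/bob is stripped so only the final name remains).
func UserNameFromARN(arn string) (string, error) {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[2] != "iam" {
		return "", fmt.Errorf("not an IAM ARN: %q", arn)
	}
	resource := parts[5]
	if !strings.HasPrefix(resource, "user/") {
		return "", fmt.Errorf("not an IAM user ARN: %q", arn)
	}
	name := resource[strings.LastIndex(resource, "/")+1:]
	if name == "" {
		return "", fmt.Errorf("empty user name in ARN: %q", arn)
	}
	return name, nil
}

// FederationTokenName turns an IAM user name into a value acceptable as the
// GetFederationToken Name: names outside the allowed pattern are rejected and
// names longer than 32 characters are truncated. This is the value CloudTrail
// shows in the user name column instead of the AIDA... user ID.
func FederationTokenName(userName string) (string, error) {
	if len(userName) < federationNameMinLen {
		return "", fmt.Errorf("user name %q too short for a federation token name", userName)
	}
	if !federationNameAllowed.MatchString(userName) {
		return "", fmt.Errorf("user name %q has characters not allowed in a federation token name", userName)
	}
	if len(userName) > federationNameMaxLen {
		userName = userName[:federationNameMaxLen]
	}
	return userName, nil
}
```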

matthewhembree commented 3 months ago

Thank you @chrnorm! I wondered about tests... they're my blind spot. Your code was very educational!!