role_tag documentation specifies support for inferred AWS 'iam' auth method as well
role_tag - (Optional) If set, enable role tags for this role. The value set for this field should be the key of the tag on the EC2 instance. auth_type must be set to ec2 or inferred_entity_type must be set to ec2_instance to use this constraint.
But I cannot proceed with creating such a role in Vault; it fails with the error:
tried to enable role_tag when not using ec2 auth method
According to the documentation, role_tag should also be allowed for the inferred AWS 'iam' auth method:
https://github.com/hashicorp/vault/blob/master/website/source/docs/auth/aws.html.md#dynamic-management-of-policies-via-role-tags
I tracked it down to the 'if' check below in the code:
https://github.com/hashicorp/vault/blob/1e0b6a0d88159847e71b5f61ca3579978ff22309/builtin/credential/aws/path_role.go#L791
Is this a bug or am I missing something obvious?
Thanks for the feedback.