loft-sh / devpod-provider-aws

DevPod on AWS
Mozilla Public License 2.0

Feature Request: Allow using short term credentials #2

Closed knguyen0125 closed 1 year ago

knguyen0125 commented 1 year ago

I'm evaluating this AWS plugin for our company, and it looks like we can only use long-term AWS credentials.

Our company moved to AWS SSO / Identity Center a while ago, and is currently using AWS SSO CLI as the credential process. It's not working, even when providing the AWS credentials option as an environment variable.

On further investigation, this seems to be due to the GetSessionToken call, which can only be called with a long-term token.

Shouldn't the long-term token be enough without calling the API to get a session token? The GetSessionToken API call only seems to be used for authenticating with MFA (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html), for which we don't provide anything in this case.
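The check this report points at, as an added example that is not part of the original comment and not the provider's own code: decide from the standard AWS environment variables whether the credentials are already short-term, and call GetSessionToken only for a long-term IAM user key. The names `Creds`, `FromEnv`, `IsTemporary` and `ShouldCallGetSessionToken` are hypothetical; the `ASIA` prefix is the one AWS uses for temporary (STS-issued) access key IDs.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Creds mirrors the standard AWS credential environment variables.
type Creds struct {
	AccessKeyID, SecretAccessKey, SessionToken string
}

// FromEnv reads credentials through a lookup function so it can be tested.
func FromEnv(getenv func(string) string) Creds {
	return Creds{
		AccessKeyID:     getenv("AWS_ACCESS_KEY_ID"),
		SecretAccessKey: getenv("AWS_SECRET_ACCESS_KEY"),
		SessionToken:    getenv("AWS_SESSION_TOKEN"),
	}
}

// IsTemporary reports whether the credentials look STS-issued (SSO /
// Identity Center, assumed role): a session token is present or the
// access key ID carries the "ASIA" prefix.
func IsTemporary(c Creds) bool {
	return c.SessionToken != "" || strings.HasPrefix(c.AccessKeyID, "ASIA")
}

// ShouldCallGetSessionToken returns true only for long-term credentials,
// the only kind GetSessionToken accepts. Short-term ones are used as-is.
func ShouldCallGetSessionToken(c Creds) (bool, error) {
	switch {
	case c.AccessKeyID == "" || c.SecretAccessKey == "":
		return false, errors.New("access key ID or secret access key not set")
	case IsTemporary(c) && c.SessionToken == "":
		return false, errors.New("temporary access key without AWS_SESSION_TOKEN")
	case IsTemporary(c):
		return false, nil // already short-term: skip GetSessionToken
	default:
		return true, nil // long-term IAM user key
	}
}

func main() {
	call, err := ShouldCallGetSessionToken(FromEnv(os.Getenv))
	fmt.Println("call GetSessionToken:", call, "error:", err)
}
```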

knguyen0125 commented 1 year ago

It seems like the session token is for stopping the instance. Wouldn't it be easier to assign it an IAM role with the StopInstance action?

joebowbeer commented 1 year ago

Me too. I would like to provide AWS_PROFILE instead of AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. The provider should be able to assume the role specified in the AWS_PROFILE.

89luca89 commented 1 year ago

Thanks for the report! I'm working on this :smile: