Closed sebastianvoss closed 3 weeks ago
This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
Is there anything missing? Please just let me know.
This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
still relevant
This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
This PR was automatically closed because of stale in 10 days
Description
Enforce users to set the
role-session-name
to their user name when assuming a role. See https://aws.amazon.com/blogs/security/easily-control-naming-individual-iam-role-sessions/ for details.Motivation and Context
This allows to identify user activities in AWS audit logs (e.g. EKS audit logs) based on a reliable identifier. If the user can set
role-session-name
to an arbitrary value this would not be possible.Breaking Changes
Nothing.
How Has This Been Tested?
I tested this using my fork in our AWS account.
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request