Closed sandeshgrangdan closed 2 weeks ago
To allow an IRSA role from one service to be assumed by an IRSA role in another service, supporting cross-service role assumption.
Why?
To allow an IRSA role from one service to be assumed by an IRSA role in another service, supporting cross-service role assumption.
Why?
I need to generate temporary credentials from an IRSA role that will be used by external applications. To manage these credentials, I have a separate key rotation application with its own role or user that will update the temporary credentials generated by the IRSA role.
thank you for that info - unfortunately, I don't think that is a use case we are going to support here
Description
Enhanced the
iam-role-for-service-accounts-eks
module to support additional trusted principals including both IAM roles and users.Motivation and Context
To allow an IRSA role from one service to be assumed by an IRSA role in another service, supporting cross-service role assumption.
Breaking Changes
None
How Has This Been Tested?
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request