This repository has been archived by the owner on Apr 7, 2022. It is now read-only.
Cross account config #24
Open
Commits on Aug 21, 2017
-
-
Allow selection of role when there are several values to the <saml2:A…
…ttribute Name="https://aws.amazon.com/SAML/Attributes/Role">
-
Allow automatic role selection for cross-account role by following th…
…e source_profile trail in .aws/config: If a source_profile is specified in the target profile, then we inspect that source_profile to see if a role_arn was set. If the source_profile has a role_arn set, then we use it as the cross-account role we are trying to find in the list of values from <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">. For example, if the configuration is: ``` [default] region = us-east-1 [profile role1] source_profile = default region = us-west-2 role_arn = arn:aws:iam::123456789012:role/cross-account-role-1 [profile role2] source_profile = role1 region = ap-southeast-2 role_arn = arn:aws:iam::987654321098:role/my-target-role ``` Then when running `oktad role2 -- bash` we will be looking for the role_arn of the source_profile referenced in profile role2, that is we will try to find arn:aws:iam::123456789012:role/cross-account-role-1 in the values obtained from the SAML assertion.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.