-
Notifications
You must be signed in to change notification settings - Fork 653
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot programatically assume role with web identity using config.WithWebIdentityRoleCredentialOptions
#2412
Comments
@gdavison Can you try the latest set of modules? (mainly the sts client). I believe this is related to a fix we just pushed out today--
|
Hi @lucix-aws, that doesn't fix it. The issue is in
In my use case, since I'm trying to set it programatically, neither the |
@gdavison Hi we have made sure the issue is caused by
|
This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled. |
|
Describe the bug
When trying to assume a role with web identity, it is not possible to assume the role, even when all values are set by passing
config. config.WithWebIdentityRoleCredentialOptions
toconfig.LoadDefaultConfig
, e.g.:This will not work, and fall back to trying IMDS.
Looking through
config.resolveCredentialChain
,config.assumeWebIdentity
is only called ifWebIdentityTokenFilePath
is set on theEnvConfig
orWebIdentityTokenFile
is set on theSharedConfig
.Manually creating an
sts.Client
andstscreds.WebIdentityRoleProvider
is an option, but if there are other configurations set, we have to:config.LoadDefaultConfig
Config.Credentials
tonil
StsClient
using the resolvedConfig
Expected Behavior
config.LoadDefaultConfig
should be able to directly assume the role with web identity if all of the parameters are setCurrent Behavior
config.LoadDefaultConfig
does not assume the role, and requires manual configurationReproduction Steps
Add the following test case to
TestResolveWebIdentityWithOptions
inconfig/resolve_web_identity_test.go
Possible Solution
No response
Additional Information/Context
Related to #2015
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2 v1.23.4
github.com/aws/aws-sdk-go-v2/config v1.25.10
github.com/aws/aws-sdk-go-v2/credentials v1.16.8
github.com/aws/aws-sdk-go-v2/service/sts v1.26.1
Compiler and Version used
go version go1.21.0 darwin/arm64
Operating System and version
macOS 13.4.1
The text was updated successfully, but these errors were encountered: