-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assume role source creds from environment #2938
Comments
Marking this as a feature request, thanks! |
This actually isn't supported, nor fixed in boto/botocore#1313... When using the profile:
|
@lorengordon is using the [profile mock]
role_arn = arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME
credential_source = Environment |
@alexrudd Oh yes, of course that works. But I thought you were expecting it to fall through to getting the initial credential from the default credential chain, and then assume the specified role. I suppose in my head I was linking this feature to #2664, as a pre-requisite for being able to pass |
Ah I see what you mean. Yeah it would be nice if it fell back to the default credential chain. Might be worth opening a separate issue as I don't think this will be tracked anymore |
Hi,
Currently the only way to assume a role involves specifying at least a
role_arn
and asource_profile
in a credentials file.If the
source_profile
variable were made optional and aws-cli fell back to using credentials defined in the environment or in an EC2 instance profile, then this would be a much more flexible feature for situations where persisting credentials to a file isn't possible.My particular situation is needing to deploy a website to an s3 bucket from jenkins. Jenkins can seed the workspace environment with credentials in environment vars, but aws-cli has no way of using these to assume a role.
This is similar to the feature requests in the following issues:
--profile
#2664Thanks
The text was updated successfully, but these errors were encountered: