Option to preserve role_session_name
when chaining roles
#8797
Labels
assume-role
configuration
feature-request
A feature should be added or improved.
p2
This is a standard priority issue
sso
Describe the feature
Currently, if no
role_session_name
is set it's being by set to default value likebotocore-session-xxxxxxx
.However, would be great to have an option to preserve existing
role_session_name
when chaining roles.Use Case
When using IAM Identity Center initially created session has
role_session_name
automatically set to the user name likejohn.doe@example.com
. However on subsequentAssumeRole
calls, initial session name is being lost and replaced withbotocore-session-xxxxxxx
. I would like to have an option to preserve original session name when chaining roles.Proposed Solution
Let's say following configuration is used:
[profile sso] sso_start_url = https://test.awsapps.com/start sso_region = us-east-1 sso_account_id = 123456789012 sso_role_name = SSORole region = us-east-1 [profile operator] role_arn = arn:aws:iam::123456789012:role/operator-role region = us-east-1 source_profile = sso +preserve_source_role_session_name = true
Other Information
No response
Acknowledgements
CLI version used
aws-cli/2.17.11
Environment details (OS name and version, etc.)
Darwin/23.5.0
The text was updated successfully, but these errors were encountered: