get_session_token does not return a full credentials object #1009
Comments
|
The answer to your exact question is that the object is a representation of the STS API model, and doesn't have any higher level features decorated in. What I am thinking, however, is that there is a feature request to have a credential provider that uses STS in this manner, or that can easily consume this response to create an What are you trying to do? Asking to craft the right feature request. |
|
Basically, I want MFA without having to assume a role. So the idea would be to get the session, and set that as the default credentials using I am hoping this will allow the ability to assume multiple roles in a single session without having to re-enter MFA. Also, it enables access to stuff that the IAM user has access to without a role but is restricted by MFA in the policy. The workaround I see right now is to set |
|
We do provide an abstraction around AssumeRoleCredentials, but it may require some tweaking to handle a plain |
|
Thanks Alex! |
|
I've closed this issue and moved it to our feature requests. |
|
Thanks Trevor, I don't necessarily need this right now, the use case I needed it for has changed pretty drastically since I asked about this, but it would be cool to see still! |
|
An example of a workaround for this: https://gist.github.com/bhouse/f97980adc5df2b5db7fd435a6112c4d8 |
diehlaws
added
guidance
The
Aws::STS::Types::Credentialsobject returned by theget_session_tokenclass does not seem to be a full credentials object and does not respond to eitherset?or#credentialsand hence does not seem suitable to be used as a default inAws.config.Is there a specific reason for this?
The text was updated successfully, but these errors were encountered: