feat: Use aws:username for IAM initiated federated console sessions. #626


matthewhembree

What changed?

Closes #625

The changes refactor the way the federation token ID is used for AWS IAM credentials. Instead of relying on the userID, which was previously parsed, the code now uses the userName, which is more easily attributable to the IAM user name in the CloudTrail events list view.

Old:

image

New:

image

Why?

In the CloudTrail console's event history view, the IAM user name will now display in the user name column. Previously, the user id would display (e.g. AIDA.....).

How did you test it?

  1. Added an IAM credential with `granted credentials add`.
  2. Opened a console session with `assume -c`.
  3. Created an S3 bucket through the S3 console.

Potential risks

Is patch release candidate?

Link to relevant docs PRs
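
An added example, not code from this PR or from Granted: one way to derive the federation token name from the caller's IAM user ARN so that CloudTrail shows the user name instead of the `AIDA...` user ID. The helper name `FederationTokenName` and the sample ARNs are constructed for illustration; the 2-32 character limit and character set are those of the STS `GetFederationToken` `Name` parameter.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// STS GetFederationToken accepts a Name of 2-32 characters from this set.
var validName = regexp.MustCompile(`^[\w+=,.@-]{2,32}$`)

// FederationTokenName (hypothetical helper) turns an IAM user ARN, as returned
// by sts:GetCallerIdentity, into a value usable as the federation token Name.
func FederationTokenName(callerARN string) (string, error) {
	// Expected shape: arn:<partition>:iam::<account>:user/<optional/path/><name>
	parts := strings.SplitN(callerARN, ":", 6)
	if len(parts) != 6 || parts[2] != "iam" || !strings.HasPrefix(parts[5], "user/") {
		return "", fmt.Errorf("not an IAM user ARN: %q", callerARN)
	}
	// The user name is the last path segment; any IAM path prefix is dropped.
	name := parts[5][strings.LastIndex(parts[5], "/")+1:]
	// IAM user names may be up to 64 characters but STS caps Name at 32.
	// Truncation means two users sharing a 32-character prefix look the same
	// in the CloudTrail user name column, so the full ARN is still needed
	// to attribute those events.
	if len(name) > 32 {
		name = name[:32]
	}
	// A one-character IAM user name is legal in IAM but too short for STS.
	if !validName.MatchString(name) {
		return "", fmt.Errorf("user name %q is not a valid federation token name", name)
	}
	return name, nil
}

func main() {
	// Constructed sample ARNs (account ID is a placeholder).
	for _, arn := range []string{
		"arn:aws:iam::123456789012:user/alice",
		"arn:aws:iam::123456789012:user/eng/platform/bob.smith@example.com",
		"arn:aws:sts::123456789012:assumed-role/Admin/session",
	} {
		name, err := FederationTokenName(arn)
		fmt.Printf("%s -> %q, err=%v\n", arn, name, err)
	}
}
```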

matthewhembree and others added 2 commits March 22, 2024 01:42
The changes refactor the way federation token ID is used for AWS IAM credentials.
Instead of relying on the userID which was previously parsed, the code now uses the
userName which is more easily attributable to the IAM user name in the Cloudtrail
events list view.

In the Cloudtrail console's event history view, the IAM user name will now display
in the `user name` column. Previously, the `user id` would display (e.g. AIDA.....).

Signed-off-by: Matthew Hembree <47449406+matthewhembree@users.noreply.github.com>

@chrnorm chrnorm left a comment


🙌 Thanks very much and congratulations here on your first contribution to Granted @matthewhembree! This looks great, I've added an additional unit test around the behaviour here 3e5ea5f

@chrnorm chrnorm merged commit 3bfb958 into common-fate:main Mar 29, 2024
@matthewhembree

Thank you @chrnorm! I wondered about tests.. they're my blind spot. Your code was very educational!!

Successfully merging this pull request may close these issues.

IAM Federated logins (console) should have easily attributable username in Cloudtrail list view.