Skip to content

v0.3.1

Choose a tag to compare

@github-actions github-actions released this 17 Jun 16:26
v0.3.1: key the AssumeRole cache by session name

The cache was keyed by role ARN only, so credentials minted for one
session name were reused for any caller assuming the same role. The
Organizations resolver assumes the management-account role with session
clawpatrol-orgresolve; that cached entry was then reused for the agent's
own calls to that account, so CloudTrail attributed them to
clawpatrol-orgresolve instead of clawpatrol-<profile>. Include the
session name in the cache key so each session keeps its own credentials.