-
-
Notifications
You must be signed in to change notification settings - Fork 901
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for AWS Auth with WebIdentity/OIDC #1075
Comments
Thank you very much for the initial detailed issue report. I have pushed some changes to MASTER to support your webidentity/oidc case. If you can give it a try and tell me if everything is working as expected, that would be highly appreciated. s3cmd now supports AssumeRole and AssumeRoleWithWebIdentity. |
Thanks to all for this work. Can we get a release tagged that includes this? 🤞 🙇 |
Does this solution is intended to support sts regional endpoints? |
Altermatively: Is there any way to let the sts client use the proxy configuration? It looks like as if httplib would not respect http(s)_proxy environment variables. |
Thank you! |
If you run an AWS EKS cluster, Kubernetes pods and want to assume an IAM role, the official way to do it is through EKS-> IAM service mapping. It relies on AWS STS WebIdentity:
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
It's not an EKS specific feature but an OIDC one. It is supported by AWS SKDs/CLIS https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html
for reference in botocore: https://github.com/boto/botocore/blob/d01fba6ec1c6e183bb031a4e89b6d417213489f4/botocore/credentials.py#L1615
The text was updated successfully, but these errors were encountered: