AWS secrets engine generating session tokens #23690

Merged
merged 34 commits into from
Nov 8, 2023
20dd50f
AWS Secret Engine: Support Session Tokens
grahamc Oct 5, 2021
0426428
Add a test for SessionTokens, untested: I couldn't get any of the tes…
grahamc Oct 5, 2021
65a99ed
add a changelog entry
grahamc Oct 5, 2021
db4c53e
Document session tokens
grahamc Oct 5, 2021
72e3769
Update the JS for session tokens
grahamc Oct 5, 2021
1a4afd5
Add suggestions
robmonte Oct 12, 2023
57c4199
Fix typo
robmonte Oct 12, 2023
3f6e24e
Fix broken link
robmonte Oct 12, 2023
4c8ef89
Fix backticks
robmonte Oct 14, 2023
1bc9bf0
Disallow setting aws role or policy on a session token-based role
robmonte Oct 16, 2023
c491b92
Rename security token to session token
robmonte Oct 16, 2023
a8b24ec
Update check
robmonte Oct 16, 2023
d8ba1a7
Adjust docs
robmonte Oct 17, 2023
1051683
use time.Until
robmonte Oct 17, 2023
676ed91
Add changelog
robmonte Oct 17, 2023
a84fec9
Change security_token to session_token in all locations
robmonte Oct 17, 2023
24957d0
Remove original changelog file
robmonte Oct 17, 2023
f317c98
Undo auth docs change
robmonte Oct 17, 2023
1f5ca35
Update api docs
robmonte Oct 17, 2023
7fdb5d4
Fix error capitalization
robmonte Oct 17, 2023
69e5059
Add MFA code support
robmonte Oct 18, 2023
7ad5b85
Update wording
robmonte Oct 19, 2023
ada5c08
Update wording
robmonte Oct 19, 2023
eec27c9
Update website/content/docs/secrets/aws.mdx
robmonte Oct 20, 2023
04c10b2
Add lines between note, split long line
robmonte Oct 20, 2023
0a2d59d
Fix another page's warning tag
robmonte Oct 20, 2023
7b32e11
Merge branch 'main' into aws-session-token-fork
robmonte Oct 20, 2023
7489461
Add security_token back to responses, set it as deprecated
robmonte Oct 24, 2023
0eb2593
Merge branch 'main' into aws-session-token-fork
robmonte Oct 24, 2023
3b0dbc4
Wording
robmonte Oct 24, 2023
a6d9f23
Add ttl field to response
robmonte Oct 31, 2023
de36e92
Update builtin/logical/aws/secret_access_keys.go
robmonte Nov 4, 2023
cc21967
Update builtin/logical/aws/path_roles.go
robmonte Nov 4, 2023
653dc8f
Mention ARN in field description
robmonte Nov 4, 2023
Update website/content/docs/secrets/aws.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
robmonte and schavis authored Oct 20, 2023
commit eec27c90c1f0173e5887a931a9f608351a819cde
6 changes: 4 additions & 2 deletions website/content/docs/secrets/aws.mdx
Expand Up @@ -358,11 +358,13 @@ The `session_token` credential type is used to generate short-lived credentials
To create these with Vault and AWS, you must configure Vault to use IAM user credentials. AWS does not
allow temporary credentials, like those from an IAM instance profile, to be used when generating session tokens.

<Important>
<Warning>

STS session tokens inherit any and all permissions granted to the user configured in `aws/config/root`.
In this expample, the `temp_user` role will obtain a policy with the same `ec2:*` permissions as the
root config. For this reason, assigning a role or policy is disallowed for this credential type.
</Important>

</Warning>

```shell-session
$ vault write aws/roles/temp_user \
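Review bot: the unchanged line inside the note that begins "In this expample" still misspells "example", and since this change already rewrites the tags around that paragraph, the typo should be fixed in the same commit. Because the warning says session tokens inherit every permission of the user configured in `aws/config/root` and that assigning a role or policy is disallowed, consider adding one sentence telling operators to scope that IAM user to only what session token consumers need, as nothing on the Vault role can narrow it afterwards.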