Allow SPIRE-Server to work in all AWS partitions #4423

achaurasiaConfluent · 2023-08-09T20:34:27Z

Current SPIRE Server aws_iid nodeattestor plugin assume that the role is in partition aws.
Due to current implementation

spire/pkg/server/plugin/nodeattestor/awsiid/client.go

Lines 80 to 82 in 0527653

    
           if cc.config.AssumeRole != "" { 
        
           	asssumeRoleArn = fmt.Sprintf("arn:aws:iam::%s:role/%s", accountID, cc.config.AssumeRole) 
        
           }

spire would only work in aws partition.

Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html
for aws partition and arn format.

Version: 1.7.0
Platform: any
Subsystem: Server node attestor plugin

The text was updated successfully, but these errors were encountered:

MarcosDY · 2023-09-07T19:16:55Z

Done

rturner3 added help wanted Issues with this label are ready to start work but are in need of someone to do it priority/backlog Issue is approved and in the backlog labels Aug 10, 2023

achaurasiaConfluent mentioned this issue Aug 10, 2023

Chore/aws partition support #4427

Merged

3 tasks

MarcosDY closed this as completed Sep 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow SPIRE-Server to work in all AWS partitions #4423

Allow SPIRE-Server to work in all AWS partitions #4423

achaurasiaConfluent commented Aug 9, 2023

MarcosDY commented Sep 7, 2023

Allow SPIRE-Server to work in all AWS partitions #4423

Allow SPIRE-Server to work in all AWS partitions #4423

Comments

achaurasiaConfluent commented Aug 9, 2023

MarcosDY commented Sep 7, 2023