From 57182943869791c8360ca8d1ddd059715d4f7cfe Mon Sep 17 00:00:00 2001 From: Daren Desjardins Date: Thu, 9 Feb 2017 08:54:49 -0800 Subject: [PATCH] state/remote/s3: Fix Bug with Assume Role for Federated IAM Account (#10067) * Enable remote s3 state support for assume role - provide role_arn in backend config to enable assume role Fixes #8739 * Check for errors after obtaining credentials
---
 state/remote/s3.go | 5 +++++ website/source/docs/state/remote/s3.html.md | 1 + 2 files changed, 6 insertions(+)
diff --git a/state/remote/s3.go b/state/remote/s3.go
index ab101d2b7e..9b111e381c 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -70,7 +70,12 @@ func s3Factory(conf map[string]string) (Client, error) {
 Token: conf["token"],
 Profile: conf["profile"],
 CredsFilename: conf["shared_credentials_file"],
+ AssumeRoleARN: conf["role_arn"],
 })
+ if err != nil {
+ return nil, err
+ }
+
 // Call Get to check for credential provider. If nothing found, we'll get an
 // error, and we can present it nicely to the user
 _, err = creds.Get()
diff --git a/website/source/docs/state/remote/s3.html.md b/website/source/docs/state/remote/s3.html.md
index d1a68b1625..a345533df3 100644
--- a/website/source/docs/state/remote/s3.html.md
+++ b/website/source/docs/state/remote/s3.html.md
@@ -98,3 +98,4 @@ The following configuration options or environment variables are supported:
 `~/.aws/credentials` will be used.
 * `token` - (Optional) Use this to set an MFA token. It can also be sourced from the `AWS_SESSION_TOKEN` environment variable.
+ * `role_arn` - (Optional) The role to be assumed
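Review bot: The added `AssumeRoleARN: conf["role_arn"],` line in the state/remote/s3.go hunk passes only the role ARN, so a role whose trust policy requires an external ID cannot be used for remote state, and the assumed sessions carry no caller-chosen session name to attribute state reads and writes in CloudTrail. Assuming the Config struct in this tree already has the matching fields (the struct is not visible here), I would wire them through as well, e.g. `AssumeRoleExternalID: conf["external_id"],` and `AssumeRoleSessionName: conf["session_name"],` (key names are suggestions), and document both next to `role_arn`. The new `return nil, err` also hands back the raw error; a short prefix such as "obtaining AWS credentials for S3 remote state" would tell the user the failure came from credential or assume-role setup rather than from the bucket. s3Factory begins and continues outside the hunk, so how the credentials helper treats an empty `role_arn` cannot be confirmed from these lines.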