IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

state/remote/s3: Fix Bug with Assume Role for Federated IAM Account (#10067)

Browse Source 
* Enable remote s3 state support for assume role

- provide role_arn in backend config to enable assume role

Fixes #8739

* Check for errors after obtaining credentials
This commit is contained in:
Daren Desjardins 2017-02-09 08:54:49 -08:00 committed by Paul Stack
parent 057341acf8
commit 5718294386
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
state/remote/s3.go
View File

@ -70,7 +70,12 @@ func s3Factory(conf map[string]string) (Client, error) {
Token: conf["token"], Token: conf["token"],
Profile: conf["profile"], Profile: conf["profile"],
CredsFilename: conf["shared_credentials_file"], CredsFilename: conf["shared_credentials_file"],
AssumeRoleARN: conf["role_arn"],
}) })
if err != nil {
return nil, err
}
// Call Get to check for credential provider. If nothing found, we'll get an // Call Get to check for credential provider. If nothing found, we'll get an
// error, and we can present it nicely to the user // error, and we can present it nicely to the user
_, err = creds.Get() _, err = creds.Get()

1
website/source/docs/state/remote/s3.html.md
View File

@ -98,3 +98,4 @@ The following configuration options or environment variables are supported:
`~/.aws/credentials` will be used. `~/.aws/credentials` will be used.
* `token` - (Optional) Use this to set an MFA token. It can also be * `token` - (Optional) Use this to set an MFA token. It can also be
sourced from the `AWS_SESSION_TOKEN` environment variable. sourced from the `AWS_SESSION_TOKEN` environment variable.
* `role_arn` - (Optional) The role to be assumed