Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for IAM Roles Anywhere CreateSession #2936

Open
2 tasks
rittneje opened this issue Dec 19, 2024 · 3 comments
Open
2 tasks

Add Support for IAM Roles Anywhere CreateSession #2936

rittneje opened this issue Dec 19, 2024 · 3 comments
Labels
feature-request A feature should be added or improved.

Comments

@rittneje
Copy link

Describe the feature

Add native support for CreateSession to the SDK.

Use Case

We would like to leverage IAM Roles Anywhere to "bootstrap" AWS credentials into our external services that are written in Go. We are unable to use the precanned credential_process binaries.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS Go SDK V2 Module Versions Used

n/a

Go version used

n/a
@rittneje rittneje added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 19, 2024
@Madrigal
Copy link
Contributor

Madrigal commented Jan 8, 2025

For our understanding, why are you unable to use the vended binaries?

Note that these binaries are more than just "bootstrap" credentials. They are a long-running process that is used to refresh your credentials, which includes reading and sending your x509 certificate for validation. You can see what the credential helper does here and get an idea of the size of the effort it would take.

We could port just CreateSession API, but without the binaries I'm not sure that would be super helpful

@Madrigal Madrigal added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Jan 8, 2025
@github-actions GitHub Actions
Copy link

This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jan 19, 2025
@rittneje
Copy link
Author

@Madrigal

For our understanding, why are you unable to use the vended binaries?

I can't get into specifics, but essentially we need to distribute a single static executable. This also highlights another flaw of the binaries - they expect the certificate and private key to be files, which is totally incompatible with things like HSMs. When adding native support to Go, please do so via x509.Certificate + crypto.Signer or similar.

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Madrigal @rittneje