[FEATURE] OIDC provider to use some resource from external service (like AWS IAM) #408

Open
MysticDoll opened this issue Jan 16, 2025 · 5 comments
Labels
feature request New feature or request


MysticDoll commented Jan 16, 2025

Description of the problem being solved
I want to assume a role in our AWS account, like GitHub Actions.

If it is possible, we can use some AWS resources from a Slack Workflow.

Alternative solutions
Now we can use some resources from AWS with IAM user credentials. But IAM users don't match AWS's best practices, and AWS recommends using temporary credentials via AssumeRoleWithWebIdentity.

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

@mroy-seedbox

That would 100% be awesome. 🙌

Also, if each Slack application were given its own individual instance profile (assuming that they run on AWS infrastructure, which should be the case since Salesforce is all AWS), it would make it very easy to allow it to assume a role in our AWS account (we would just have to enable that instance profile ARN to assume the desired role).

WilliamBergamin added the "feature request" label on Jan 17, 2025
@WilliamBergamin
Contributor

@MysticDoll thanks for writing in 💯

Would you be able to share your use case for this? I'm not sure I fully understand in what situations this would be used.


mroy-seedbox commented Jan 17, 2025

It could be used to do anything.

It could effectively turn Slack into a front-end/admin portal for AWS (to quickly run various workflows against the AWS API instead of clicking through their UI).

It's doable with access keys, but that's not the most secure method, and it adds the concern of rotating them regularly.

@WilliamBergamin
Contributor

If I'm understanding this correctly, this feature request would enable External authentication to support OIDC?

@MysticDoll
Author

> If I'm understanding this correctly, this feature request would enable External authentication to support OIDC?

Yes, that is what I mean.

If Slack supports OIDC, it will be convenient to integrate with various services, including AWS.
