aws-iam-authenticator
SessionName is populated as EKSGetTokenAuth in audit logs
After switching to aws-cli for authentication in my kubeconfig files, I have problems with our Kubernetes audit logs.
All audit logs do not include the username from the authenticated user, but are instead replaced with EKSGetTokenAuth.
Any info on what to change to get the actual username is highly appreciated 👍
I'm using aws-cli to authenticate the user with kubectl. kubeconfig:
```yaml
user:
  exec:
    apiVersion: client.authentication.k8s.io/v1beta1
    args:
    - --region
    - us-east-1
    - eks
    - get-token
    - --cluster-name
    - capi-cluster
    - --role-arn
    - arn:aws:iam::XXXXXXX:role/kadmin
    command: aws
```
aws-auth configmap, used by aws-iam-authenticator deployment inside the cluster:
```yaml
config.yaml: |-
  clusterID: capi-cluster
  server:
    mapRoles:
    - roleARN: arn:aws:iam::xxxxx:role/kadmin
      username: "kadmin::{{SessionName}}"
      groups:
      - aws:kadmin
```
Output from aws-iam-authenticator
```
time="2022-09-08T10:53:59Z" level=info msg="STS response" accesskeyid=XXXXXXX accountid=XXXXXXX arn="arn:aws:sts::XXXXXXX:assumed-role/kadmin/EKSGetTokenAuth" client="127.0.0.1:40414" method=POST path=/authenticate session=EKSGetTokenAuth userid=XXXXXXX
time="2022-09-08T10:53:59Z" level=info msg="access granted" arn="arn:aws:iam::XXXXXXX:role/kadmin" client="127.0.0.1:40414" groups="[aws:kadmin]" method=POST path=/authenticate uid="aws-iam-authenticator:XXXXXXX:XXXXXXX" username="kadmin::EKSGetTokenAuth"
```
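
For the audit side of this report, an added example (not part of the original post, and not aws-iam-authenticator code): it parses authenticator log lines of the shape shown above and lists each "access granted" event whose mapped username ends in the generic session name EKSGetTokenAuth, so it cannot be tied to a person. The function names, the sample account ID and user ID, and the `alice` session are constructed for illustration.

```python
import shlex

# Session name seen in the log lines above when the token comes from
# `aws eks get-token --role-arn ...`; it names the tool, not the person.
GENERIC_SESSIONS = {"EKSGetTokenAuth"}

# Constructed sample lines modelled on the authenticator output above
# (account ID, user ID and the "alice" session are made up).
SAMPLE_LOG = '''\
time="2022-09-08T10:53:59Z" level=info msg="STS response" accountid=111111111111 arn="arn:aws:sts::111111111111:assumed-role/kadmin/EKSGetTokenAuth" client="127.0.0.1:40414" method=POST path=/authenticate session=EKSGetTokenAuth userid=AROAEXAMPLE
time="2022-09-08T10:53:59Z" level=info msg="access granted" arn="arn:aws:iam::111111111111:role/kadmin" client="127.0.0.1:40414" groups="[aws:kadmin]" method=POST path=/authenticate uid="aws-iam-authenticator:111111111111:AROAEXAMPLE" username="kadmin::EKSGetTokenAuth"
time="2022-09-08T11:02:10Z" level=info msg="access granted" arn="arn:aws:iam::111111111111:role/kadmin" client="127.0.0.1:40520" groups="[aws:kadmin]" method=POST path=/authenticate uid="aws-iam-authenticator:111111111111:AROAEXAMPLE" username="kadmin::alice"
'''


def parse_logfmt(line):
    """Split one key=value log line into a dict, honouring double quotes."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def unattributable_grants(log_text, generic=GENERIC_SESSIONS):
    """Return "access granted" events whose username ends in a generic session."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_logfmt(line)
        if rec.get("msg") != "access granted":
            continue
        # The username is rendered from the mapRoles template
        # "kadmin::{{SessionName}}", so the session is the part after "::".
        session = rec.get("username", "").rsplit("::", 1)[-1]
        if session in generic:
            findings.append(
                {k: rec.get(k) for k in ("time", "arn", "client", "username")}
            )
    return findings


if __name__ == "__main__":
    for finding in unattributable_grants(SAMPLE_LOG):
        print("no per-user identity:", finding)
```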