leapp
Confusing "Assumer Session" drop-down when using AWS SSO with IAM Role Chained Sessions
Is your feature request related to a problem? Please describe.
We use AWS SSO to authenticate to a central account, and then switch-role to other accounts and roles. We have different permissions sets in AWS SSO for assuming different roles into different accounts. I was setting this up in Leapp, and the AWS SSO Sessions look fine and work great. It detects all the permissions sets available to me, and displays the Session Name and Role Name nicely in the UI.
But then I started trying to configure the IAM Role Chained Sessions for the switch-role functionality, and the "Assumer Session" drop-down only contains the Session Name, which is the same for every AWS SSO session. So I'm not sure how to tell which item to select in the drop-down, to select the permission set that actually has permission to perform the switch-role functionality for the ARN I am providing to the chained session.
Describe the solution you'd like
Well I'm not sure. Perhaps unique Session Names for AWS SSO sessions? Or combining the Session Name with the Role Name in the "Assumer Session" drop-down?
Edit: I am using Leapp v0.10.0...
Thanks for your contribution.
Yep, this is absolutely a problem because the session alias is not unique; we need to find a better way to indicate what the Assumer Session is. Maybe a combination of alias and role name. We can add an advanced option to show more info when choosing the assumer session.
Also, an idea I had is to add an option to improve the automatic provisioning of the AWS SSO Session. We can create a custom field fillable by the user to add a method to define a better understanding Session alias.
Yeah, I'm also seeing that the AWS SSO sessions are all deleted when I log out, and any customizations of those sessions are lost. So if the solution relies on the user editing the session, it would be nice if that customization was preserved.
Totally agree