community.aws.iam_role_info: preserve case when returning role trust relationship
SUMMARY
Current `community.aws.iam_role_info` returns the following dict for a given role, based on the usage of the `camel_dict_to_snake_dict` function, as follows:
```json
{
    "arn": "arn:aws:iam::XXXX:role/XXXX-admin",
    "assume_role_policy_document": {
        "statement": [
            {
                "action": "sts:AssumeRoleWithSAML",
                "condition": {
                    "string_equals": {
                        "saml:aud": "https://signin.aws.amazon.com/saml"
                    }
                },
                "effect": "Allow",
                "principal": {
                    "federated": "arn:aws:iam::XXXX:saml-provider/compnay"
                }
            },
            {
                "action": "sts:AssumeRole",
                "effect": "Allow",
                "principal": {
                    "aws": "arn:aws:iam::YYYY:root"
                }
            }
        ],
        "version": "2012-10-17"
    },
```
The trust relationship does not respect the case of the AWS resource, thus rendering the trust relationship invalid.
![Screen Shot 2021-04-20 at 2 01 09 PM](https://user-images.githubusercontent.com/1027278/115463628-91458080-a21b-11eb-97ae-4fbb53fe8197.png)
ISSUE TYPE
- Feature Idea
COMPONENT NAME
community.aws.iam_role_info
ADDITIONAL INFORMATION
The suggestion consists in adding a module option, such as `preserve_case`, which would render the trust relationship compliant with IAM syntax:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::XXXXXX:saml-provider/compnay"
            },
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {
                "StringEquals": {
                    "SAML:aud": "https://signin.aws.amazon.com/saml"
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXX:root"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```
Files identified in the description: None

If these files are inaccurate, please update the `component name` section of the description or use the `!component` bot command.
In some cases it is reversible when you use a simple custom Python filter that uses just `snake_dict_to_camel_dict`.
But AWS has so many exceptions in their keys all over their platform. I think a `preserve_case` parameter is a good idea and should be easy to implement.
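The round-trip problem discussed above, as an added example that is not part of the original issue or the collection's code: it snake-cases the keys of the trust policy from the issue, converts them back, and reports which original keys are not restored. `to_snake` and `to_camel` are hypothetical simplified stand-ins written for this example, not the Ansible `camel_dict_to_snake_dict` / `snake_dict_to_camel_dict` implementations.

```python
import re

# Trust policy as shown in the issue (account IDs are the issue's placeholders).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"Federated": "arn:aws:iam::XXXXXX:saml-provider/compnay"},
         "Action": "sts:AssumeRoleWithSAML",
         "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::XXXXXX:root"},
         "Action": "sts:AssumeRole"},
    ],
}

def to_snake(key):
    """Hypothetical simplified CamelCase -> snake_case key conversion."""
    s = re.sub(r"(.)([A-Z][a-z]+)", r"\1_\2", key)
    return re.sub(r"([a-z0-9])([A-Z]+)", r"\1_\2", s).lower()

def to_camel(key):
    """Hypothetical naive reverse: capitalize each underscore-separated part."""
    return "".join(part[:1].upper() + part[1:] for part in key.split("_"))

def map_keys(obj, fn):
    """Apply fn to every dict key, recursing through dicts and lists; values are untouched."""
    if isinstance(obj, dict):
        return {fn(k): map_keys(v, fn) for k, v in obj.items()}
    if isinstance(obj, list):
        return [map_keys(v, fn) for v in obj]
    return obj

def all_keys(obj):
    """Collect every dict key found anywhere in a nested structure."""
    if isinstance(obj, dict):
        return set(obj) | set().union(*(all_keys(v) for v in obj.values()))
    if isinstance(obj, list):
        return set().union(*(all_keys(v) for v in obj))
    return set()

def unrecoverable_keys(policy):
    """Original keys that a snake -> camel round trip fails to restore."""
    round_tripped = map_keys(map_keys(policy, to_snake), to_camel)
    return sorted(all_keys(policy) - all_keys(round_tripped))

if __name__ == "__main__":
    print(unrecoverable_keys(TRUST_POLICY))  # ['AWS', 'SAML:aud']
```

Keys such as `StringEquals` survive the round trip, while `AWS` and `SAML:aud` come back as `Aws` and `Saml:aud`, so the original casing cannot be recovered from the snake-cased output alone.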
Happy to implement that feature :) I will get started on it soon.