configure-aws-credentials

Add option to specify a custom STS endpoint

Open • ianroberts opened this issue 9 months ago • 1 comment

Describe the feature

Add an option to specify the STS endpoint URL explicitly, as an alternative to deriving it automatically from the AWS region.

Use Case

I want to be able to use GitHub tokens for federated authentication to a Minio storage server - this uses an S3-compatible API for storage operations, but also includes an STS-compatible endpoint providing the AssumeRoleWithWebIdentity action to generate access credentials for the S3-compatible API using a federated identity token. As far as I can see this would be possible using the configure-aws-credentials action if there were the option to specify an explicit endpoint parameter in place of (or as well as) the region in CredentialsClient.stsClient():

https://github.com/aws-actions/configure-aws-credentials/blob/fff2104678c2113fcefb9ae8294dc7ccb803e27c/src/CredentialsClient.ts#L33-L37

Proposed Solution

  • add a new input sts-endpoint to the action
  • pass this through to the CredentialsClient constructor
  • if an endpoint has been specified, forward this to the STSClient constructor. Otherwise behave as normal, letting STSClient build its own default endpoint from the region name.

Other Information

No response

Acknowledgements

  • [X] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

ianroberts, May 14 '24 12:05
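An added sketch of the endpoint-or-region selection proposed in the issue above; it is not part of the issue and not code from configure-aws-credentials. `buildStsClientConfig` and `StsConfig` are hypothetical names, and the https-only and no-embedded-credentials checks are assumptions added here because the chosen endpoint is where the federated identity token gets sent.

```typescript
// Added example. The returned object has the shape of the `region` and
// `endpoint` options an STS client constructor accepts; no SDK is imported.
interface StsConfig {
  region: string;
  endpoint?: string; // absent: the client derives its endpoint from the region
}

function buildStsClientConfig(region: string, stsEndpoint: string = ""): StsConfig {
  const raw = stsEndpoint.trim();
  // An unset action input arrives as an empty string: behave as normal.
  if (raw === "") {
    return { region };
  }

  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    throw new Error("sts-endpoint is not a valid absolute URL");
  }
  // Assumption: the identity token must never travel over cleartext HTTP.
  if (url.protocol !== "https:") {
    throw new Error("sts-endpoint must use https");
  }
  // Assumption: user:password@host forms are rejected so secrets stay out of
  // workflow files and logs.
  if (url.username !== "" || url.password !== "") {
    throw new Error("sts-endpoint must not embed credentials");
  }
  if (url.search !== "" || url.hash !== "") {
    throw new Error("sts-endpoint must not carry a query string or fragment");
  }
  // Normalise to origin plus path, without trailing slashes.
  const path = url.pathname.replace(/\/+$/, "");
  return { region, endpoint: url.origin + path };
}
```

The host name used in the checks for this sketch (`minio.example.internal`) is a constructed placeholder.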