fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

Allow for ExternalId when performing sts-assume-role

Open rfairburn opened this issue 9 months ago • 0 comments

Problem

As a user of Fleet cloud, I would like to be able to provide an ExternalId as part of the assume role process.

Fleet currently supports assuming roles for cross-account data delivery to sources such as Firehose, but does not currently allow specifying an ExternalId as part of the assume role request.

See the following links for more information: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

The aws sdk for go Fleet uses already supports this, we would just need to pass in the parameter. See: https://docs.aws.amazon.com/sdk-for-go/api/service/sts/

Potential solutions

  1. Provide an optional ExternalId variable in additon to the sts_assume_role arns. The immediate use-case is for Firehose, but any integration that allows for assume role would benefit from this feature.

rfairburn avatar May 09 '24 22:05 rfairburn