Tim Bannister

> I've sent you a couple of email but apparently you're not receiving them. I'd like to close this now. Could you please send me the list of all the...

If `aws-vault login` starts generating temporary credentials automatically, how does it decide what parameters (eg session duration) to use?

Fair enough, that's legit then!

``` AccessDenied: User: arn:aws:iam::111111111111:user/me is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111111:role/MySpecialRole ``` `aws-vault` wouldn't be able to fix an issue where an IAM user isn't allowed to assume...

How about this one-liner to exit only if you have a session token: ```shell [ "" = "$AWS_SESSION_TOKEN" ] || exit ``` You could make that a shell function, if...

This is relevant to https://github.com/aws/containers-roadmap/issues/474

Tracked in `aws-iam-authenticator` as https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153

@gremlinjed, would you be willing to set a more specific title for this issue?

We really _might_ be able to get registered Kubernetes annotations for these purposes, and document those (even though it's retrospective). The values that the annotation can take might still end...

This is a low impact. Whenever I spot folks using unregistered annotations in the Kubernetes' project's namespace, I ask them to fix it.