Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for ExternalId when performing sts-assume-role #18898

Closed
rfairburn opened this issue May 9, 2024 · 3 comments · Fixed by #18901
Closed

Allow for ExternalId when performing sts-assume-role #18898

rfairburn opened this issue May 9, 2024 · 3 comments · Fixed by #18901
Assignees
@edwardsb
Labels
customer-rosner #g-customer-success Customer success issue.

Comments

@rfairburn
Copy link
Contributor

Problem

As a user of Fleet cloud, I would like to be able to provide an ExternalId as part of the assume role process.

Fleet currently supports assuming roles for cross-account data delivery to sources such as Firehose, but does not currently allow specifying an ExternalId as part of the assume role request.

See the following links for more information:
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

The aws sdk for go Fleet uses already supports this, we would just need to pass in the parameter. See:
https://docs.aws.amazon.com/sdk-for-go/api/service/sts/

Potential solutions

  1. Provide an optional ExternalId variable in additon to the sts_assume_role arns. The immediate use-case is for Firehose, but any integration that allows for assume role would benefit from this feature.
@rfairburn rfairburn added :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest customer-rosner labels May 9, 2024
@edwardsb edwardsb mentioned this issue May 10, 2024
Merged
2 tasks
@noahtalerman
Copy link
Member

Hey @lukeheath, it looks we we have an open PR for this request: #18901

I moved this request off the feature fest board to the #g-customer-success board.

Please feel free to move it if that's not the right place.

@noahtalerman noahtalerman added #g-customer-success Customer success issue. and removed :product Product Design department (shows up on 🦢 Drafting board) ~feature fest Will be reviewed at next Feature Fest labels May 10, 2024
@lukeheath
Copy link
Member

@rfairburn We're moving this ticket to the Customer Success board so you can track it there since there is already a PR in review.

@fleet-release
Copy link
Contributor

ExternalId brings peace,
Secure in the cloud city,
Fleet's role now increased.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@edwardsb edwardsb

Labels
customer-rosner #g-customer-success Customer success issue.
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

support external id in STS Assume Role calls fleetdm/fleet
5 participants
@edwardsb @lukeheath @rfairburn @noahtalerman @fleet-release