Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: Allow sts:TagSession to trusted accounts #31557

Open
2 tasks
konokenj opened this issue Sep 25, 2024 · 1 comment
Open
2 tasks

core: Allow sts:TagSession to trusted accounts #31557

konokenj opened this issue Sep 25, 2024 · 1 comment
Labels
@aws-cdk/core Related to core CDK functionality effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@konokenj
Copy link
Contributor

Describe the feature

With #31089, now we can use sts:TagSession in single account. Next, it can be allowed to use with --trust or --trust-for-lookup.

Use Case

In cases of cross-account deployment, sts:TagSession permission may be necessary. This makes it easier to track who assumed that role. Depending on security requirements, without this feature, it can be challenging to configure CI/CD pipelines across multiple accounts.

Proposed Solution

Add to bootstrap-template.yaml

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.160.0

Environment details (OS name and version, etc.)

macOS 14.6.1
@konokenj konokenj added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 25, 2024
@github-actions github-actions bot added the @aws-cdk/core Related to core CDK functionality label Sep 25, 2024
@ashishdhingra ashishdhingra self-assigned this Sep 25, 2024
@ashishdhingra ashishdhingra added p2 investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Sep 25, 2024
@ashishdhingra
Copy link
Contributor

ashishdhingra commented Sep 26, 2024
edited
Loading

Appears to be a useful feature request for cross-account scenario while bootstrapping with --trust or --trust-for-lookup options.

@ashishdhingra ashishdhingra added effort/medium Medium work item – several days of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Sep 26, 2024
@ashishdhingra ashishdhingra removed their assignment Sep 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/core Related to core CDK functionality effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashishdhingra @konokenj