core: Allow sts:TagSession to trusted accounts #31557
Labels
@aws-cdk/core
Related to core CDK functionality
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Describe the feature
With #31089, now we can use
sts:TagSession
in single account. Next, it can be allowed to use with--trust
or--trust-for-lookup
.Use Case
In cases of cross-account deployment,
sts:TagSession
permission may be necessary. This makes it easier to track who assumed that role. Depending on security requirements, without this feature, it can be challenging to configure CI/CD pipelines across multiple accounts.Proposed Solution
Add to bootstrap-template.yaml
Other Information
No response
Acknowledgements
CDK version used
2.160.0
Environment details (OS name and version, etc.)
macOS 14.6.1
The text was updated successfully, but these errors were encountered: