Ability to configure Custom Session Tags and Custom Session Names for STS sessions created by EKS Pod Identities.
Context
Currently it's not possible to configure either Custom Session Tags [1] or Custom Session Name [2].
This makes it impossible to implement certain use-cases where I need to configure IAM policies based on custom IDs, rather than supported values of:
eks-cluster-arn
eks-cluster-name
kubernetes-namespace
kubernetes-service-account
kubernetes-pod-name
kubernetes-pod-uid
Also, existing session tags consume more than half of the STS packedPolicySize; it would be great to be able to optionally disable some tags to reduce policy size.
This also helps with MSK's IAM policy. The MSK server gets angry and de-auths you when your session name changes. So your MSK connection is alive and well for the initial X hours. When pod-identity-agent assumes a NEW STS role when the old expires, the session name changes, which causes MSK to kick you out. The error you get is about principals changing. The fix is to set AWS_ROLE_SESSION_NAME, which isn't possible w/ pod-identity.
Footnotes
1. https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-custom-tags
2. https://github.com/aws/containers-roadmap/issues/2362
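For reference, an added example (not part of the original issue or of any AWS project code) of an identity policy on a Pod Identity role that uses two of the session tags listed in the issue for ABAC. The Secrets Manager actions, the resource tag keys and the `Sid` are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAbacByPodIdentityTags",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "secretsmanager:ResourceTag/kubernetes-namespace": "${aws:PrincipalTag/kubernetes-namespace}",
          "secretsmanager:ResourceTag/eks-cluster-name": "${aws:PrincipalTag/eks-cluster-name}"
        }
      }
    }
  ]
}
```

Access is granted only when the secret's tags match the namespace and cluster of the calling pod's session. Keying the same condition on a custom ID would need an additional `aws:PrincipalTag/<key>`, which is the capability this issue requests.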