Skip to content
This repository was archived by the owner on Jul 31, 2025. It is now read-only.

Commit 6b9e1f9

Browse files
RanVakninRanVaknin
authored
Merge pull request #4830 from addisonj/assumerolecreds_source_identity
Add support for SourceIdentity to stscreds.NewCredentials
2 parents db19686 + 64deb07 commit 6b9e1f9

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

aws/credentials/stscreds/assume_role_provider.go

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ to refresh the credentials will be synchronized. But, the SDK is unable to
99
ensure synchronous usage of the AssumeRoleProvider if the value is shared
1010
between multiple Credentials, Sessions or service clients.
1111
12-
Assume Role
12+
# Assume Role
1313
1414
To assume an IAM role using STS with the SDK you can create a new Credentials
1515
with the SDKs's stscreds package.
@@ -27,7 +27,7 @@ with the SDKs's stscreds package.
2727
// from assumed role.
2828
svc := s3.New(sess, &aws.Config{Credentials: creds})
2929
30-
Assume Role with static MFA Token
30+
# Assume Role with static MFA Token
3131
3232
To assume an IAM role with a MFA token you can either specify a MFA token code
3333
directly or provide a function to prompt the user each time the credentials
@@ -49,7 +49,7 @@ credentials.
4949
// from assumed role.
5050
svc := s3.New(sess, &aws.Config{Credentials: creds})
5151
52-
Assume Role with MFA Token Provider
52+
# Assume Role with MFA Token Provider
5353
5454
To assume an IAM role with MFA for longer running tasks where the credentials
5555
may need to be refreshed setting the TokenProvider field of AssumeRoleProvider
@@ -74,7 +74,6 @@ single Credentials with an AssumeRoleProvider can be shared safely.
7474
// Create service client value configured for credentials
7575
// from assumed role.
7676
svc := s3.New(sess, &aws.Config{Credentials: creds})
77-
7877
*/
7978
package stscreds
8079

@@ -199,6 +198,10 @@ type AssumeRoleProvider struct {
199198
// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
200199
SerialNumber *string
201200

201+
// The SourceIdentity which is used to identity a persistent identity through the whole session.
202+
// For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
203+
SourceIdentity *string
204+
202205
// The value provided by the MFA device, if the trust policy of the role being
203206
// assumed requires MFA (that is, if the policy includes a condition that tests
204207
// for MFA). If the role being assumed requires MFA and if the TokenCode value
@@ -320,6 +323,7 @@ func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (crede
320323
Tags: p.Tags,
321324
PolicyArns: p.PolicyArns,
322325
TransitiveTagKeys: p.TransitiveTagKeys,
326+
SourceIdentity: p.SourceIdentity,
323327
}
324328
if p.Policy != nil {
325329
input.Policy = p.Policy

0 commit comments

Comments
 (0)