Support sub field selection for OIDC Authentication with AWS
pending feedback
Xylophone gold Bobolink
AWS accounts are segmented by environment, and Harness does not provide this information in the sub field, which means that I can’t use environment as a condition for assuming the role. This is the example GitHub gives for GitHub Actions:
    "Condition": {
        "StringEquals": {
            "token.actions.githubusercontent.com:sub": "repo:test-org/test-repo:environment:prod"
        }
    }
At a minimum we need this information to be passed in the sub field so we can filter on it.
Rohan Gupta
We have a custom section: https://developer.harness.io/docs/platform/connectors/cloud-providers/ref-cloud-providers/aws-connector-settings-reference/#custom-parameters
Is it doable to use the custom property? That's how our other customers are using it. We have exposed pipeline, connector because those are when the token is exchanged. We did evaluate the GitHub approach, but in our model we have more hierarchy, account/org/project - pipeline if a ff is enabled.
Xylophone gold Bobolink
Rohan Gupta - the problem is that AWS doesn’t let you use anything other than subject and audience fields to filter on (according to the docs). There isn’t a way to set additional filter criteria on any other properties.
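The trust-policy check this thread is about, as an added example (not code from the posts, from Harness or from AWS): a simplified evaluator for `StringEquals`/`StringLike` conditions on the `sub` claim, showing why per-environment roles need the environment inside `sub`. The `environment:dev` value, the issuer `oidc.example.test` and the flat `sub` string are constructed placeholders, not any vendor's real claim format.

```python
import re

def _like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda want, got: want == got, "StringLike": _like}

def condition_matches(condition: dict, issuer: str, claims: dict) -> bool:
    """Evaluate a trust-policy Condition block against OIDC token claims.
    Operators and keys are ANDed; multiple values for one key are ORed."""
    for op, keys in condition.items():
        test = OPERATORS[op]  # KeyError for operators this sketch does not model
        for key, wanted in keys.items():
            prefix, _, claim = key.rpartition(":")  # "<issuer-host>:<claim>"
            got = claims.get(claim)
            if prefix != issuer or got is None:
                return False
            values = [wanted] if isinstance(wanted, str) else wanted
            if not any(test(w, got) for w in values):
                return False
    return True

def assumable_roles(roles: dict, issuer: str, claims: dict) -> list:
    """Names of the roles whose trust condition accepts this token."""
    return sorted(n for n, cond in roles.items() if condition_matches(cond, issuer, claims))

GH = "token.actions.githubusercontent.com"
# Per-environment roles; the prod value is the one quoted in the post, dev is constructed.
GH_ROLES = {
    "prod-deploy": {"StringEquals": {f"{GH}:sub": "repo:test-org/test-repo:environment:prod"}},
    "dev-deploy": {"StringEquals": {f"{GH}:sub": "repo:test-org/test-repo:environment:dev"}},
}
# Constructed issuer and a sub with no environment segment (placeholder format).
IDP = "oidc.example.test"
FLAT_SUB = "account/ACCT:org/ORG:project/PROJ"
FLAT_ROLES = {
    "prod-deploy": {"StringEquals": {f"{IDP}:sub": FLAT_SUB}},
    "dev-deploy": {"StringEquals": {f"{IDP}:sub": FLAT_SUB}},
}

if __name__ == "__main__":
    dev_token = {"sub": "repo:test-org/test-repo:environment:dev", "aud": "sts.amazonaws.com"}
    print(assumable_roles(GH_ROLES, GH, dev_token))             # only the dev role
    print(assumable_roles(FLAT_ROLES, IDP, {"sub": FLAT_SUB}))  # both roles: no separation
```

With an environment-free `sub`, the two trust conditions are necessarily identical, so separation between the prod and dev accounts has to come from somewhere other than the role trust policy.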