luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

docs: Change wording for AssumeRole permissions in AWS secrets (#19823) 

Co-authored-by: wernerwws <wernerwws@users.noreply.github.com>
This commit is contained in:
Robert 2023-03-29 13:03:26 -05:00 committed by GitHub
parent bc57865998
commit 71071fd954
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
website/content/docs/secrets/aws.mdx
View File

@ -355,9 +355,10 @@ authentication or single sign-on (SSO) scenarios. In order to use an
instance in an IAM instance profile) can retrieve `assumed_role` credentials
(but cannot retrieve `federation_token` credentials).
The `aws/config/root` credentials must have an IAM policy that allows `sts:AssumeRole`
against the target role:
The `aws/config/root` credentials must be allowed `sts:AssumeRole` through one of
two methods:
1. The credentials have an IAM policy attached to them against the target role:
```javascript
{
"Version": "2012-10-17",
@ -369,9 +370,7 @@ against the target role:
}
```
You must attach a trust policy to the target IAM role to assume, allowing
the aws/root/config credentials to assume the role.
1. A trust policy is attached to the target IAM role for the principal:
```javascript
{
"Version": "2012-10-17",