diff --git a/website/content/api-docs/secret/aws.mdx b/website/content/api-docs/secret/aws.mdx index 5cb4c0949..565a46125 100644 --- a/website/content/api-docs/secret/aws.mdx +++ b/website/content/api-docs/secret/aws.mdx @@ -59,7 +59,7 @@ valid AWS credentials with proper permissions. - `sts_endpoint` `(string: )` – Specifies a custom HTTP STS endpoint to use. - `username_template` `(string: )` - [Template](/docs/concepts/username-templating) describing how - dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) + dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). Longer usernames result in a 500 error. To ensure generated usernames are within length limits for both STS/IAM, the template must adequately handle @@ -377,6 +377,7 @@ Using tags: + ```bash vault write aws/roles/example-role \ credential_type=iam_user \ @@ -393,6 +394,7 @@ Using tags: ```json ["tag1=42", "tag2=something"] ``` + 
@@ -540,9 +542,9 @@ credentials retrieved through `/aws/creds` must be of the `iam_user` type. the Vault role. Optional if the Vault role only allows a single AWS role ARN; required otherwise. - `role_session_name` `(string)` - The role session name to attach to the assumed role ARN. - `role_session_name` is limited to 64 characters; if exceeded, the `role_session_name` in the - assumed role ARN will be truncated to 64 characters. If `role_session_name` is not provided, - then it will be generated dynamically by default. + `role_session_name` is limited to 64 characters; if exceeded, the `role_session_name` in the + assumed role ARN will be truncated to 64 characters. If `role_session_name` is not provided, + then it will be generated dynamically by default. - `ttl` `(string: "3600s")` – Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when `credential_type` is `assumed_role` or `federation_token`. When not specified,
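Review bot: In the `@@ -59,7 +59,7` hunk, the `username_template` description still does not say which request returns the failure: "Longer usernames result in a 500 error" could mean the write that sets the template or the later credential request. The removed and added lines differ only in whitespace, so this wording carries over unchanged. Since the two caps differ (64 characters for IAM usernames, 32 for STS usernames), suggest naming the request that fails and showing a short template that stays within the 32-character STS cap.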
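Review bot: The blank lines added around the fenced examples in the `@@ -377,6 +377,7` and `@@ -393,6 +394,7` hunks come with no stated reason. One is added ahead of the bash fence for `vault write aws/roles/example-role` and one after the closing fence of the JSON block. If they are needed for the fenced blocks to render correctly in MDX, say so in the commit message, and check that the other fenced examples in this file use the same spacing so the fix is applied consistently.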
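Review bot: In the `@@ -540,9 +542,9` hunk, the re-indented `role_session_name` text documents truncation to 64 characters without spelling out the consequence for callers. Two requests whose names share the first 64 characters end up with the same `role_session_name` in the assumed role ARN, which makes the sessions hard to tell apart when reviewing who used the credentials. Suggest adding a sentence telling callers to keep the distinguishing part of the name within the first 64 characters, and pointing out the contrast with `username_template` earlier in the file, where over-length names "result in a 500 error" rather than being truncated. The phrase "generated dynamically by default" would also be clearer if it said what the generated name is built from.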