elegant-crayon-4967
07/14/2021, 7:00 PMsessionName
param passed in. We have conditions setup on our service accounts that only allow assume role usage if the session name matches the correct phrase. I have Pulumi setup to match this _sessionName_: 'agent-example'
but in my cloudtrail logs I can clearly see the assume role operation denied and the request parameters show as “null” where it should show the sessionName.witty-candle-66007
07/14/2021, 7:46 PMelegant-crayon-4967
07/14/2021, 8:28 PMwitty-candle-66007
07/14/2021, 8:31 PM"requestParameters": {
"bucketName": "my-bucket-bb6c451",
"Host": "<http://my-bucket-bb6c451.s3.amazonaws.com|my-bucket-bb6c451.s3.amazonaws.com>",
"x-amz-acl": "private"
},
elegant-crayon-4967
07/14/2021, 8:33 PMwitty-candle-66007
07/14/2021, 8:42 PMelegant-crayon-4967
07/14/2021, 9:04 PMaws sts assume-role
commandwitty-candle-66007
07/14/2021, 9:19 PMelegant-crayon-4967
07/14/2021, 10:15 PMwitty-candle-66007
07/15/2021, 1:04 PMelegant-crayon-4967
07/15/2021, 11:56 PMwitty-candle-66007
07/16/2021, 1:10 PMelegant-crayon-4967
07/16/2021, 4:56 PM