-
Notifications
You must be signed in to change notification settings - Fork 467
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Action give warning about long term credentials when using InstanceRole permissions on self-hosted runners #885
Comments
Thanks, i hadn't considered this case. I'm also not sure at all how we could properly detect this. I suppose we could add an "acknowledge-warning" prop, but that requires the user to take a step they shouldn't have to. Will need to look into this |
@peterwoodworth I'm not sure about this, but perhaps you could validate the presence of the |
Why not triggering the warning only when |
The corresponding code: configure-aws-credentials/src/assumeRole.ts Lines 59 to 64 in a4d9254
And the pull request: #871 It checks the environment variable: "AWS_SESSION_TOKEN". |
I am facing a similar problem. I agree with @bplessis-swi I think the case where it can be determined that long-term credentials are being used is when only |
I don't work with this team anymore so I cannot provide a review/merge, @tim-finnigan could you look into this please? I think I had assumed these variables would always be filled if it gets to that point, but that might not be the case based on the above comments. |
Comments on closed issues are hard for our team to see. |
Describe the bug
Hi,
We are using self-hosted runners within our AWS account, with InstanceRole level permissions that allow for AssumeRole to different deploy roles. There is no long-term AWS credentials, or at least not in the common sense.
Expected Behavior
No warning should show up
Current Behavior
A warning pop-up for each call to configure-aws-credentials in our workflows
Reproduction Steps
Simply using configure-aws-credentials without any credentials
Possible Solution
No response
Additional Information/Context
No response
The text was updated successfully, but these errors were encountered: