As I review aws-actions/configure-aws-credentials@v1 I see that it supports session tagging. And when I review the 'private' implementation I get the sense that session tagging was not enabled on purpose. However, I wonder if there is the possibility of splitting things up a little bit so that on the first assumed role (OIDC) session tagging can be enabled, and on the subsequent CDK-related roles it is not required.
This is because the first assumed role (OIDC) requires conditions that perhaps are best evaluated using the session tags. And the CDK-related roles are not well situated for this, as they are not OIDC-aware, nor should they be. Without the use of session tags on the OIDC role it is significantly more difficult to make anything more complex than a simple example work. E.g., if you have 3+ GitHub orgs and 1500+ repos then it is difficult to make one OIDC role per account work well. If, however, the session tags are present, then it is fairly easy to make a single role that can match the expected conditions.
Thoughts?
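To make the split described above concrete, here is an added illustration; it is not code from this issue, from the project under discussion, or from configure-aws-credentials. It simulates (in simplified form: Allow statements, StringEquals and StringLike only) how IAM evaluates a trust policy, builds the two trust policies the split implies, and shows why enumerating repos in the OIDC role's `sub` condition does not scale. The account ID, org names and repo names are constructed; the condition-key prefix `token.actions.githubusercontent.com`, the `repo:ORG/REPO:ref:...` shape of GitHub's `sub` claim, and the 2048-character default quota for a role trust policy are real values.

```python
"""Added example: one OIDC role per account, with the GitHub org carried as a
session tag on a second hop so downstream roles never need to know about OIDC."""
import json
import re

# GitHub's OIDC issuer host; IAM exposes token claims as "<host>:<claim>" condition keys.
OIDC_HOST = "token.actions.githubusercontent.com"
# Default IAM quota for a role trust policy (whitespace not counted; adjustable to 4096).
TRUST_POLICY_MAX_CHARS = 2048


def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' matches any run, '?' one character, case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _condition_matches(condition: dict, context: dict) -> bool:
    """Every operator/key must match; a list of values is an implicit OR; a missing key fails."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = context.get(key)
            if actual is None:
                return False
            values = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals":
                ok = actual in values
            elif operator == "StringLike":
                ok = any(string_like(v, actual) for v in values)
            else:
                raise ValueError(f"unsupported operator in this simulation: {operator}")
            if not ok:
                return False
    return True


def evaluate_trust(policy: dict, context: dict) -> bool:
    """True if any Allow statement's Condition is satisfied by the request context."""
    return any(
        s.get("Effect") == "Allow" and _condition_matches(s.get("Condition", {}), context)
        for s in policy["Statement"]
    )


def policy_chars(policy: dict) -> int:
    """Characters IAM counts against the trust policy quota (whitespace excluded)."""
    return len(json.dumps(policy, separators=(",", ":")))


def oidc_trust_policy(account_id: str, sub_patterns: list) -> dict:
    """Hop 1: the single OIDC role. Conditions can only be on claims GitHub puts in the token."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{OIDC_HOST}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{OIDC_HOST}:sub": sub_patterns},
            },
        }],
    }


def oidc_context(org: str, repo: str, ref: str = "refs/heads/main") -> dict:
    """Request context for a GitHub Actions token, using GitHub's `sub` claim layout."""
    return {f"{OIDC_HOST}:aud": "sts.amazonaws.com", f"{OIDC_HOST}:sub": f"repo:{org}/{repo}:ref:{ref}"}


def tagged_hop_trust_policy(account_id: str, oidc_role_name: str, allowed_orgs: list) -> dict:
    """Hop 2: assumable only by the OIDC role, and only with a github_org session tag it is
    permitted to claim. sts:TagSession is required for the caller to pass tags at all.
    The tag is asserted by the caller, so this policy bounds it; it does not authenticate it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:role/{oidc_role_name}"},
            "Action": ["sts:AssumeRole", "sts:TagSession"],
            "Condition": {"StringEquals": {"aws:RequestTag/github_org": allowed_orgs}},
        }],
    }


if __name__ == "__main__":
    acct, orgs = "123456789012", ["acme", "acme-labs", "acme-infra"]  # constructed
    per_org = oidc_trust_policy(acct, [f"repo:{o}/*" for o in orgs])
    per_repo = oidc_trust_policy(acct, [f"repo:acme/repo{i}:*" for i in range(1500)])
    print("per-org policy chars:", policy_chars(per_org), "per-repo:", policy_chars(per_repo))
    print("acme/widgets allowed:", evaluate_trust(per_org, oidc_context("acme", "widgets")))
    hop2 = tagged_hop_trust_policy(acct, "github-oidc", orgs)
    print("hop 2 with github_org=acme:", evaluate_trust(hop2, {"aws:RequestTag/github_org": "acme"}))
```

Once hop 2 succeeds, the `github_org` tag travels with that session, so a CDK-related role that trusts the hop-2 role can condition on `aws:PrincipalTag/github_org` without referencing any OIDC claim. The one-hop per-repo policy above is far beyond the 2048-character quota at 1500 repos, whereas one `repo:ORG/*` pattern per org stays small.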
The short answer is that I didn't see a use case for session tagging. My thought is that if there is a use case, someone will open a feature request and we can discuss whether or not it's worth it there! So thanks for opening the request.
I'm not actually too well versed in how one might use OIDC with session tagging (part of why it's not exposed :) ). Can you detail exactly what features you'd like to see in this module, perhaps with a code snippet? Then I'm happy to discuss 1) feasibility and 2) whether there is a use case for it.