feat (Can RoleSessionName be made configurable? #1127): add assumeRol…
…eSessionName option (#1140)

Co-authored-by: James Bourne <[email protected]>
james-hu and jamesmbourne authored Aug 16, 2023
1 parent bdca17c commit 3b8319f
Showing 3 changed files with 14 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -174,6 +174,7 @@ const interceptor = aws4Interceptor({
region: "eu-west-2",
service: "execute-api",
assumeRoleArn: "arn:aws:iam::111111111111:role/MyRole",
assumeRoleSessionName: "MyApiClient", // optional, default value is "axios"
},
});
```
5 changes: 4 additions & 1 deletion src/credentials/assumeRoleCredentialsProvider.ts
Expand Up @@ -17,6 +17,7 @@ export class AssumeRoleCredentialsProvider implements CredentialsProvider {
...options,
region: options.region || process.env.AWS_REGION,
expirationMarginSec: options.expirationMarginSec || 5,
roleSessionName: options.roleSessionName || "axios",
};

this.sts = new STSClient({ region: this.options.region });
Expand Down Expand Up @@ -48,7 +49,7 @@ export class AssumeRoleCredentialsProvider implements CredentialsProvider {
const res = await this.sts.send(
new AssumeRoleCommand({
RoleArn: this.options.roleArn,
RoleSessionName: "axios",
RoleSessionName: this.options.roleSessionName,
})
);

Expand All @@ -64,10 +65,12 @@ export interface AssumeRoleCredentialsProviderOptions {
roleArn: string;
region?: string;
expirationMarginSec?: number;
roleSessionName?: string;
}

export interface ResolvedAssumeRoleCredentialsProviderOptions {
roleArn: string;
region?: string;
expirationMarginSec: number;
roleSessionName: string;
}
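Review bot: The new `roleSessionName` option reaches `AssumeRoleCommand` without validation, both in the constructor line `roleSessionName: options.roleSessionName || "axios"` and at the `RoleSessionName: this.options.roleSessionName` call site. STS accepts only 2–64 characters from `[\w+=,.@-]`, so a name built from free text (a display name, a path, anything with spaces) is presumably rejected only when the first request triggers the AssumeRole call, far from the misconfiguration. Because the value also becomes part of the assumed-role ARN, is written to CloudTrail, and can be matched by trust-policy conditions on `sts:RoleSessionName`, I would reject bad values at construction, e.g. `if (!/^[\w+=,.@-]{2,64}$/.test(this.options.roleSessionName)) throw new Error("invalid roleSessionName");`. The constructor and the method that contains the `sts.send` call both start outside the visible hunks.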
9 changes: 9 additions & 0 deletions src/interceptor.ts
Expand Up @@ -38,6 +38,14 @@ export interface InterceptorOptions {
* Used only if assumeRoleArn is provided.
*/
assumedRoleExpirationMarginSec?: number;
/**
* An identifier for the assumed role session.
* Use the role session name to uniquely identify a session when the same role is
* assumed by different principals or for different reasons.
* In cross-account scenarios, the role session name is visible to,
* and can be logged by the account that owns the role.
*/
assumeRoleSessionName?: string;
}

export interface SigningOptions {
Expand Down Expand Up @@ -106,6 +114,7 @@ export const aws4Interceptor = <D = any>({
roleArn: options.assumeRoleArn,
region: options.region,
expirationMarginSec: options.assumedRoleExpirationMarginSec,
roleSessionName: options.assumeRoleSessionName,
});
} else {
credentialsProvider = new SimpleCredentialsProvider(credentials);
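Review bot: The TSDoc added on `assumeRoleSessionName` in `InterceptorOptions` does not say what happens when the option is omitted, nor what should be kept out of it. I would add `Defaults to "axios". Used only if assumeRoleArn is provided.` to match the neighbouring option's comment, plus a line such as `Do not put secrets or personal data here: the name is part of the assumed-role ARN and is recorded in CloudTrail.` With the shared default, every client of this library appears under the same session name, which makes sessions hard to tell apart during an investigation, so the comment could also recommend a per-application value. The interface body continues outside the hunk.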
