Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Provide ARN of authenticated principal as output #1062

New issue
New issue
Closed
#1380
Closed
Provide ARN of authenticated principal as output#1062
#1380
Labels
feature-requestA feature should be added or improved.p2
@tsibley

Description

@tsibley
tsibley
opened on May 9, 2024

Describe the feature

Similar to how the account id of the authenticated principal is set:

configure-aws-credentials/src/helpers.ts

Lines 57 to 70 in ffc9011

// Obtains account ID from STS Client and sets it as output
export async function exportAccountId(credentialsClient: CredentialsClient, maskAccountId?: boolean) {
const client = credentialsClient.stsClient;
const identity = await client.send(new GetCallerIdentityCommand({}));
const accountId = identity.Account;
if (!accountId) {
throw new Error('Could not get Account ID from STS. Did you set credentials?');
}
if (maskAccountId) {
core.setSecret(accountId);
}
core.setOutput('aws-account-id', accountId);
return accountId;
}

it would be nice to have the ARN as well (e.g. from the same STS.GetCallerIdentity call).

Beyond providing it as an output that the calling workflow can use how it pleases, I'd also like to see the ARN output to logs by default, but I understand there are privacy/security implications to consider there.

Use Case

It's very useful to be able to expose the ARN to logs or for debugging/troubleshooting. Even this GitHub Action's README includes

aws sts get-caller-identity

in examples. :-)

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature-requestA feature should be added or improved.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions