Connector Improvement: Custom Connector SDK AWS Role Assumption
Answered
Hi, I have a custom connector that connects to an AWS service. I'm currently storing hardcoded AWS Access Key Id and Secret Access Key, but I'd prefer to use role assumption in the same way that the other AWS-based connectors do.
A possible implementation would be like GitHub Actions' - have the connector runtime inject a signed JWT, publish the public keys, allow AWS customers to configure that signer as a trusted authority, then we can assume a role with AssumeRoleWithWebIdentity.
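An added illustration of the flow proposed in the post above (not part of the original thread and not the vendor's code): with AssumeRoleWithWebIdentity, the customer's role trust policy decides which of the signer's tokens are accepted, so this sketch audits a trust policy for pinned `aud` and `sub` claims. The issuer host `connectors.example.com`, the account ID and the `sub` format are assumed placeholders, and only the `StringEquals` and `StringLike` operators are inspected.

```python
import copy
import json

# Constructed sample. The issuer host, account ID and sub format are placeholders
# (assumptions); the page does not define them.
ISSUER = "connectors.example.com"
WEAK = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/connectors.example.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {"connectors.example.com:aud": "sts.amazonaws.com"}}
  }]
}""")
# Same role, additionally pinned to one tenant's connector via the sub claim.
HARDENED = copy.deepcopy(WEAK)
HARDENED["Statement"][0]["Condition"]["StringEquals"][f"{ISSUER}:sub"] = (
    "tenant:EXAMPLE-TENANT:connector:EXAMPLE-CONNECTOR")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _values(cond, key, operators):
    """Values set for a condition key (keys are case-insensitive) under the given operators."""
    return [v for op in operators for k, vals in cond.get(op, {}).items()
            if k.lower() == key.lower() for v in _as_list(vals)]

def audit_trust_policy(policy, issuer):
    """Return findings for web-identity statements that do not pin aud and sub."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or "sts:assumerolewithwebidentity" not in actions:
            continue
        cond = st.get("Condition", {})
        if not _values(cond, f"{issuer}:aud", ["StringEquals"]):
            findings.append(f"statement {i}: {issuer}:aud is not pinned with StringEquals")
        exact = _values(cond, f"{issuer}:sub", ["StringEquals"])
        like = _values(cond, f"{issuer}:sub", ["StringLike"])
        if not exact and not like:
            findings.append(f"statement {i}: no {issuer}:sub condition, any token from the issuer is accepted")
        elif any(s.strip("*") == "" for s in like):
            findings.append(f"statement {i}: {issuer}:sub is a bare wildcard")
    return findings

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(pol, ISSUER) or "ok")
```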
Official comment
Hi Luke,
Thank you for this detailed suggestion. We would like to support AWS role assumption for custom connectors as it aligns with existing best practices for managing credentials within cloud environments. When we have previously explored it, we weren't comfortable that we could do it in a fully secure way.
I've passed your idea to the developer team to consider as part of our backlog and will keep this thread updated as there is progress on the request.
Thanks,
Alison