Question
Express Scripts
US
Last activity: 26 Nov 2024 13:20 EST
AWS Authentication Profile without IAM Credentials
I am trying to configure AWS S3 repository. In the repository rule, as yo know, we have to provide the AWS Auth Profile. AWS Auth Profile requires AWS Access Key ID and Secret Access Key of IAM User.
Issue here is, our enterprise AWS account does not allow IAM users. Policy requires that all AWS logins must be federated thru IAM roles integrated with Okta/AD SSO.
How we can create AWS Authentication profile in Pega when Company policy does not allow creating IAM users?
One of the workaround we are tried was to get temporary access credentials (access key id and secret access key) using SAML2AWS (https://github.com/Versent/saml2aws).
Approach was to periodically refresh the Pega AWS Authentication profile with temporary credentials retrieved using SAML2AWS. However, AWS authentication is not working with temporary credentials.
Any recommendation / best practices?