Skip to content

Commit 9fea292

Browse files
committed
feat: Add MFA serial and token support
1 parent 12e3392 commit 9fea292

File tree

5 files changed

+25
-1
lines changed

5 files changed

+25
-1
lines changed

action.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,12 @@ inputs:
2424
aws-session-token:
2525
description: AWS Session Token.
2626
required: false
27+
mfa-token:
28+
description: Token when the user/role requires MFA.
29+
required: false
30+
mfa-serial:
31+
description: Serial/ARN when the user/role requires MFA.
32+
required: false
2733
web-identity-token-file:
2834
description: Use the web identity token file from the provided file system path in order to assume an IAM role using a web identity, e.g. from within an Amazon EKS worker node.
2935
required: false

dist/cleanup/src/assumeRole.d.ts

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/index.js

Lines changed: 7 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/assumeRole.ts

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,8 @@ export interface assumeRoleParams {
7474
roleExternalId?: string;
7575
webIdentityTokenFile?: string;
7676
webIdentityToken?: string;
77+
mfaSerial?: string;
78+
mfaToken?: string;
7779
inlineSessionPolicy?: string;
7880
managedSessionPolicies?: any[];
7981
}
@@ -89,6 +91,8 @@ export async function assumeRole(params: assumeRoleParams) {
8991
roleSkipSessionTagging,
9092
webIdentityTokenFile,
9193
webIdentityToken,
94+
mfaSerial,
95+
mfaToken,
9296
inlineSessionPolicy,
9397
managedSessionPolicies,
9498
} = { ...params };
@@ -137,6 +141,8 @@ export async function assumeRole(params: assumeRoleParams) {
137141
ExternalId: roleExternalId ? roleExternalId : undefined,
138142
Policy: inlineSessionPolicy ? inlineSessionPolicy : undefined,
139143
PolicyArns: managedSessionPolicies?.length ? managedSessionPolicies : undefined,
144+
SerialNumber: mfaSerial,
145+
TokenCode: mfaToken,
140146
};
141147
const keys = Object.keys(commonAssumeRoleParams) as Array<keyof typeof commonAssumeRoleParams>;
142148
keys.forEach((k) => commonAssumeRoleParams[k] === undefined && delete commonAssumeRoleParams[k]);

src/index.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,8 @@ export async function run() {
3030
const maskAccountId = maskAccountIdInput.toLowerCase() === 'true';
3131
const roleExternalId = core.getInput('role-external-id', { required: false });
3232
const webIdentityTokenFile = core.getInput('web-identity-token-file', { required: false });
33+
const mfaSerial = core.getInput('mfa-serial', { required: false });
34+
const mfaToken = core.getInput('mfa-token', { required: false });
3335
const roleDuration = parseInt(core.getInput('role-duration-seconds', { required: false })) || DEFAULT_ROLE_DURATION;
3436
const roleSessionName = core.getInput('role-session-name', { required: false }) || ROLE_SESSION_NAME;
3537
const roleSkipSessionTaggingInput = core.getInput('role-skip-session-tagging', { required: false }) || 'false';
@@ -159,6 +161,8 @@ export async function run() {
159161
roleSkipSessionTagging,
160162
webIdentityTokenFile,
161163
webIdentityToken,
164+
mfaSerial,
165+
mfaToken,
162166
inlineSessionPolicy,
163167
managedSessionPolicies,
164168
});

0 commit comments

Comments
 (0)