Allow inline session policies for assuming role (#739)

* Allow to pass inline session policy as a parameter Update the action file Regenerate the dist/ content Add test * Fix typos * Fix stylistic error * Move the inline policy logic to allow assumeRole to use it as well; Update and add tests * Add an option for managed policies * Regenerate the dist/ files * Use multiline input for managed policies * Update readme * Update readme --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2026-03-12 18:07:10 -04:00 · 2023-06-14 22:43:04 +01:00
parent ae734070a0
commit d00f6c6f41
5 changed files with 239 additions and 10 deletions
--- a/README.md
+++ b/README.md
@@ -320,6 +320,49 @@ within the Action. You can skip this session tagging by providing
        role-skip-session-tagging: true
 ```

+### Inline session policy
+An IAM policy in stringified JSON format that you want to use as an inline session policy.
+Depending on preferences, the JSON could be written on a single line like this:
+```yaml
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+         inline-session-policy: '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:List*","Resource":"*"}]}'
+```
+Or we can have a nicely formatted JSON as well:
+```yaml
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+         inline-session-policy: >-
+          {
+           "Version": "2012-10-17",
+           "Statement": [
+            {
+             "Sid":"Stmt1",
+             "Effect":"Allow",
+             "Action":"s3:List*",
+             "Resource":"*"
+            }
+           ]
+          }
+```
+
+### Managed session policies
+The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
+The policies must exist in the same account as the role. You can pass a single managed policy like this:
+```yaml
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+         managed-session-policies: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+```
+And we can pass multiple managed policies likes this:
+```yaml
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+         managed-session-policies: |
+          arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
+          arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess
+```
+
 ## Self-Hosted Runners

 If you run your GitHub Actions in a