AWX Credential Type for AWS IAM Roles

, ,

As a proof of concept, I did some work for a client to build a custom credential lookup plugin that allows you to use AWS IAM Role Assumption when automating AWS targets. The Credential Lookup uses either the default execution environment AWS creds, or provided creds, then uses the AWS AssumeRole API to assume another AWS IAM Role, then returns the temporarily assumed credentials for use in the actual execution job.

Effectively, this means you don’t have to store long-lived credentials for an AWS account with wide-ranging permissions over a large AWS estate.

Is there any interest in me tidying this up and contributing it to the AWX project?

1 Like

Yes please! And thank you!

+1 over here. I cannot use hard-coded credentials due to policy restrictions. This is a huge help.