The JWT (JSON Web Token) plugin provides an interface that uses JSON Web Tokens to assume
an Amazon IAM role. The configuration depends on the identity provider. For information
about configuring federation for Google Cloud and AWS, see Configure workload identity federation with AWS or Azure
Authentication type
Connection string name | Parameter type | Default value | Connection string example |
---|---|---|---|
AuthenticationType | Required | IAM Credentials |
AuthenticationType=JWT; |
Preferred role
The Amazon Resource Name (ARN) of the role to assume. For more information about ARN roles, see AssumeRole in the AWS Security Token Service API Reference.
Connection string name | Parameter type | Default value | Connection string example |
---|---|---|---|
preferred_role | Optional | none |
preferred_role=arn:aws:IAM::123456789012:id/user1; |
Session duration
The duration, in seconds, of the role session. For more information about session duration, see AssumeRole in the AWS Security Token Service API Reference.
Connection string name | Parameter type | Default value | Connection string example |
---|---|---|---|
duration | Optional | 900 |
duration=900; |
JSON web token
The JSON web token that is used to retrieve IAM temporary credentials using the
AssumeRoleWithWebIdentity AWS STS API action. For information about
generating JSON web tokens for Google Cloud Platform (GCP) users, see Using JWT OAuth tokens
Connection string name | Parameter type | Default value | Connection string example |
---|---|---|---|
web_identity_token |
Required | none |
web_identity_token=eyJhbGc...<remainder of
token>; |
Role session name
A name for the session. A common technique is to use the name or identifier of the user of your application as the role session name. This conveniently associates the temporary security credentials that your application uses with the corresponding user.
Connection string name | Parameter type | Default value | Connection string example |
---|---|---|---|
role_session_name | Required | none |
role_session_name=familiarname; |