Create User to Login on AWS Management Console

dmrSec · February 29, 2020, 11:21pm

Hello.

I´m using hashicorp vaul with AWS secrets engine to create temporary users on aws.
Using this example bellow of iam role is possible create a user.

vault write aws/roles/my-role
credential_type=iam_user
policy_document=-<<EOF
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:",
“Resource”: "”
}
]
}

vault read aws/creds/my-role

lease_id aws/creds/my-role/f3e92392-7d9c-09c8-c921-575d62fe80d8
lease_duration 768h
lease_renewable true
access_key AKIAIOWQXTLW36DV7IEA
secret_key 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
security_token

The problem is, after this users was created is not possible login on AWS Management Console, because this user is only to user on aws cli, boto3 for example.
Is possible create a user using vault to logon on aws management console ?
If yes, How do it ?
Thanks

joelthompson · April 2, 2020, 4:45am

Hey @dmrSec – sorry I hadn’t seen this earlier There’s an open feature request for this in GitHub at https://github.com/hashicorp/vault/issues/8537

Cajga · July 22, 2022, 2:32pm

Unfortunately, still no ETA for implementation.