Vault GCP/AWS Auth Metadata

I’ve found this series of changes to how GCP/AWS roles map the role to identity entity aliases and had a question.


Many of these PRs talk about metadata included in the audit logs and in the Identity System as though what’s included can be specified for both, but the configuration of these parameters appears to only support setting it once, and then it’d be applied to both the audit logs and the entity alias metadata.

For example, it’d be useful in audit logs to have the instance ID on a token’s audit entries, but I might not care to have it (and have it force-updated for each instance that uses a role) in the identity system, but that doesn’t seem possible.

Is this correct?