include aws_signing_helper with amazon/aws-cli image

[gtaws]

Describe the feature

include aws_signing_helper in the image so that customers can adopt IAM Roles Anywhere for authentication and authorization and avoid IAM users.

Use Case

As more and more customers are being on-boarded to AWS, users would need a frictionless path to adopting AWS security best practices, such as discouraging use of IAM users. the amazon/aws-cli image needs to be custom built or custom mount the aws_signing_helper, which forces ownership back to customers just to combine utilities owned by AWS. This is a poor customer experience, and limits adoption of IAM Roles Anywhere. adding this will allow customers to run hybrid environments and workstations that can accelerate AWS development and migrations.

Proposed Solution

build aws_signing_helper and copy into aws-cli image.

Other Information

although I saw the issue that says issues lie on base image owner (Amazon Linux) to resolve lib deps on ARM64, it's not customer obsessed to ask the customers to open individual github issues to resolve AWS coordination issues.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CLI version used

2.24.1

Environment details (OS name and version, etc.)

dietpi 9.10.0 arm64 and amd64

[khushail]

@gtaws , thanks for requesting this. Although this is among the best AWS practices to use temporary security credentials than static ones, and aws_signing_helper provides such temp credentials , I would reach out to internal team to discuss the feasibility of including this one. As this might be a breaking change, will ask them to share insights on this request.

Thanks.

[khushail]

Hi @gtaws , I reached out to team for their inisghts on the issue. Looks like its not something team would recommend supporting as whatever functionalities are provided in the base CLI image, only those are supported currently and this won't change for the next version. So I am sorry to say this feature won't be supported.

However it would be great if you could share more insights reg your usecase and why you insist on doing it through aws_singing_helper.

[github-actions]

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.