Actions
Feature #62464
openiam policy: support the aws:MultiFactorAuthAge condition key
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Tags:
iam mfa
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
allow iam policies to require MFA
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html#MFAProtectedAPI-policies
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-MFA
we do support the x-amz-mfa
header and validate that in RadosUser::verify_mfa()
, but i don't think we have access to a timestamp to calculate a aws:MultiFactorAuthAge
. i'm also not sure how this x-amz-mfa
support interacts with STS
Actions