Feature #62464: iam policy: support the aws:MultiFactorAuthAge condition key - rgw - Ceph

Actions

Copy link

Feature #62464

open

iam policy: support the aws:MultiFactorAuthAge condition key

Added by Casey Bodley 9 months ago. Updated 9 months ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

% Done:

Source:

Tags:

iam mfa

Backport:

Reviewed:

Affected Versions:

Pull request ID:

Description

allow iam policies to require MFA

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html#MFAProtectedAPI-policies
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-MFA

we do support the x-amz-mfa header and validate that in RadosUser::verify_mfa(), but i don't think we have access to a timestamp to calculate a aws:MultiFactorAuthAge. i'm also not sure how this x-amz-mfa support interacts with STS

History
Property changes

Actions

Copy link

Updated by Casey Bodley 9 months ago

Description updated (diff)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » rgw

Custom queries

Feature #62464

iam policy: support the aws:MultiFactorAuthAge condition key

Updated by Casey Bodley 9 months ago