2 months ago
Hi folks,
I want to call into an AWS service (agentcore bedrock if it matters) and my platform team wants to know if my application can do AWS role assumption, instead of using hardcoded/static AWS access keys/secrets.
I searched the forum and the docs and didn't see any mention of this.
Is there any way to assume a role for AWS resource access?
4 Replies
2 months ago
We don't currently offer native workload identity federation or OIDC token issuance for services, so there's no built-in way to do AWS STS AssumeRoleWithWebIdentity directly from a Railway workload. For now, the approach would be to store AWS credentials (access key ID and secret) as environment variables on your service, which can be sealed for extra security so they're never visible in the UI or API after being set.
Status changed to Awaiting User Response Railway • 2 months ago
nico
We don't currently offer native workload identity federation or OIDC token issuance for services, so there's no built-in way to do AWS STS AssumeRoleWithWebIdentity directly from a Railway workload. For now, the approach would be to store AWS credentials (access key ID and secret) as environment variables on your service, which can be [sealed](https://docs.railway.com/variables#sealed-variables) for extra security so they're never visible in the UI or API after being set.
2 months ago
Thanks for letting me know. My operations team is pretty unhappy with that. How can I file a feature request for this?
Status changed to Awaiting Railway Response Railway • 2 months ago
2 months ago
You can write your feature request and view the roadmap here -> https://station.railway.com/feedback
Status changed to Awaiting User Response Railway • 2 months ago
2 months ago
Thanks, you can close this out; I filed a feature request: https://station.railway.com/feedback/allow-for-integration-with-aws-using-rol-f37b8e64
Status changed to Awaiting Railway Response Railway • 2 months ago
Status changed to Solved brody • 2 months ago