diff --git a/builtin/logical/aws/backend_test.go b/builtin/logical/aws/backend_test.go index d739c9a37c4a..274004399393 100644 --- a/builtin/logical/aws/backend_test.go +++ b/builtin/logical/aws/backend_test.go @@ -1438,7 +1438,6 @@ func testAccStepReadIamGroups(t *testing.T, name string, groups []string) logica } func TestBackend_iamTagsCrud(t *testing.T) { - t.Parallel() logicaltest.Test(t, logicaltest.TestCase{ AcceptanceTest: true, LogicalBackend: getBackend(t), diff --git a/builtin/logical/aws/secret_access_keys.go b/builtin/logical/aws/secret_access_keys.go index 9e7b9310edcd..3a4a3f0afa0f 100644 --- a/builtin/logical/aws/secret_access_keys.go +++ b/builtin/logical/aws/secret_access_keys.go @@ -288,16 +288,16 @@ func (b *backend) secretAccessKeysCreate( } } - if len(role.IAMTags) > 0 { - var tags []*iam.Tag - for key, value := range role.IAMTags { - // This assignment needs to be done in order to create unique addresses for - // these variables. Without doing so, all the tags will be copies of the last - // tag listed in the role. - k, v := key, value - tags = append(tags, &iam.Tag{Key: &k, Value: &v}) - } + var tags []*iam.Tag + for key, value := range role.IAMTags { + // This assignment needs to be done in order to create unique addresses for + // these variables. Without doing so, all the tags will be copies of the last + // tag listed in the role. + k, v := key, value + tags = append(tags, &iam.Tag{Key: &k, Value: &v}) + } + if len(tags) > 0 { _, err = iamClient.TagUser(&iam.TagUserInput{ Tags: tags, UserName: &username, diff --git a/website/content/api-docs/secret/aws.mdx b/website/content/api-docs/secret/aws.mdx index 5ac96728b1d5..5950043892ac 100644 --- a/website/content/api-docs/secret/aws.mdx +++ b/website/content/api-docs/secret/aws.mdx @@ -336,20 +336,47 @@ Using groups: ``` Using tags: -```json -{ - "credential_type": "iam_user", - "iam_tags": ["first_key=first_value", "second_key=second_value"] -} -``` - -Using tags with CLI: -```bash -vault write aws/roles/example-role \ -credential_type=iam_user \ -iam_tags="first_key=first_value" \ -iam_tags="second_key=second_value" \ -``` + + + ```json + { + "credential_type": "iam_user", + "iam_tags": [ + "first_key=first_value", + "second_key=second_value" + ] + } + ``` + or + ```json + { + "credential_type": "iam_user", + "iam_tags": { + "first_key": "first_value", + "second_key": "second_value" + } + } + ``` + + + ```bash + vault write aws/roles/example-role \ + credential_type=iam_user \ + iam_tags="first_key=first_value" \ + iam_tags="second_key=second_value" \ + ``` + or + ```bash + vault write aws/roles/example-role \ + credential_type=iam_user \ + iam_tags=@test.json + ``` + where test.json is + ```json + ["tag1=42", "tag2=something"] + ``` + + ## Read Role