I am trying to provide feedback on this IAM docs page. When I click the feedback link, it takes me to here which fails when I submit with this error:
HTTP Status 400 – Bad Request
Type Exception Report
Message Request header is too large
Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Exception
java.lang.IllegalArgumentException: Request header is too large
org.apache.coyote.http11.Http11InputBuffer.parseHeaders(Http11InputBuffer.java:629)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:535)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:847)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1680)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:750)
Note The full stack trace of the root cause is available in the server logs.
Apache Tomcat/8.5.75
Consequently, I'll provide my feedback here. Reading over the docs here, it would appear you are using the wrong condition operator modifier on this page.
Wouldn't this require that SourceIdentity be set to both Saanvi and Diego, not either or:
"StringLike": {
    "sts:SourceIdentity": [
        "Saanvi",
        "Diego"
    ]
}
Shouldn't it be?:
"ForAnyValue:StringEquals": {
    "sts:SourceIdentity": [
        "Saanvi",
        "Diego"
    ]
}
Also you appear to arbitrarily be using StringLike instead of StringEquals throughout:
"Condition": {
    "StringLike": {
        "sts:SourceIdentity": "${aws:username}"
    }
}
Although there are no wildcards in this if you want an exact match, wouldn't it be more clear to use StringEquals?
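The two condition blocks quoted in the post can be compared with a small model of IAM condition evaluation. This is an added example, not AWS code and not part of the original post; it is a simplified model that assumes the documented IAM rules that several values listed under one context key are ORed and that `sts:SourceIdentity` is single-valued. The function names and the identity "Mallory" are constructed for illustration.

```python
import re

def _like(pattern, value):
    # StringLike wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

MATCHERS = {
    "StringEquals": lambda p, v: p == v,  # exact, case-sensitive
    "StringLike": _like,                  # case-sensitive, wildcards allowed
}

def as_list(x):
    return [x] if isinstance(x, str) else list(x)

def evaluate(condition, context):
    """Simplified model: operators are ANDed, values under one key are ORed.

    context maps a key to a str (single-valued) or a list of str (multivalued).
    """
    for operator, keys in condition.items():
        qualifier, _, base = operator.rpartition(":")
        match = MATCHERS[base]
        for key, policy_values in keys.items():
            hits = [any(match(p, v) for p in as_list(policy_values))
                    for v in as_list(context.get(key, []))]
            # ForAllValues: every request value must match some policy value.
            # Otherwise (no qualifier or ForAnyValue): one match is enough,
            # and a key missing from the request never matches.
            ok = all(hits) if qualifier == "ForAllValues" else any(hits)
            if not ok:
                return False
    return True

# The two condition blocks quoted in the post.
DOC_FORM = {"StringLike": {"sts:SourceIdentity": ["Saanvi", "Diego"]}}
PROPOSED_FORM = {"ForAnyValue:StringEquals": {"sts:SourceIdentity": ["Saanvi", "Diego"]}}

def compare(identities):
    # Returns {identity: (doc_form_result, proposed_form_result)}.
    return {i: (evaluate(DOC_FORM, {"sts:SourceIdentity": i}),
                evaluate(PROPOSED_FORM, {"sts:SourceIdentity": i}))
            for i in identities}

if __name__ == "__main__":
    # Constructed sample identities; "Mallory" is not in either list.
    for name, result in compare(["Saanvi", "Diego", "Mallory"]).items():
        print(name, result)
```

In this model both forms accept a session whose source identity is either listed name and reject any other value; the operators only diverge once a policy value contains `*` or `?`.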