I've encountered this as well. In addition to spaces, there are other characters that are permitted in an ExternalID but not permitted by the STS API, meaning that it is possible to create an ExternalId that can't be used.
It does seem like there is a discrepancy between the IAM Role Trusted Entities' "External ID" condition and the STS service's validation of the "externalId" parameter.
As you noted, the IAM Role Trusted Entities' "External ID" condition allows spaces in the value, while the STS service requires that the "externalId" parameter satisfy a regular expression pattern that does not allow spaces.
While this may not be a bug per se, it does seem like a potential inconsistency in the AWS platform's behavior. I recommend reporting this to AWS Support, as they will be able to investigate this issue further and determine if any changes need to be made to address this discrepancy.
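A pre-deployment check for the mismatch discussed in these answers, as an added example that is not part of either answer or of any AWS tooling: it scans a role trust policy for `sts:ExternalId` values that the STS `AssumeRole` call would reject. The pattern and length limits are the ones given in the STS AssumeRole API reference rather than on this page, ASCII-only matching of `\w` is an assumption, and the function name and sample policy are constructed for illustration.

```python
import json
import re

# ExternalId constraints as documented for the STS AssumeRole parameter
# (not quoted on this page): 2-1224 characters matching [\w+=,.@:\/-]*.
# re.ASCII is an assumption: \w is treated as [A-Za-z0-9_] only.
STS_EXTERNAL_ID = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)

# Only literal comparisons are checked; StringLike values are patterns
# (they may contain * or ?) and cannot be validated as literal IDs.
LITERAL_OPERATORS = {"stringequals", "stringequalsignorecase"}


def unusable_external_ids(trust_policy_json):
    """Return sts:ExternalId values in a trust policy that AssumeRole would reject."""
    policy = json.loads(trust_policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    bad = []
    for stmt in statements:
        for operator, keys in stmt.get("Condition", {}).items():
            if operator.lower() not in LITERAL_OPERATORS:
                continue
            for key, values in keys.items():
                if key.lower() != "sts:externalid":  # condition keys are case-insensitive
                    continue
                if isinstance(values, str):
                    values = [values]
                bad += [v for v in values if not STS_EXTERNAL_ID.fullmatch(v)]
    return bad


# Constructed sample trust policy (placeholder account ID and external IDs).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {
            "sts:ExternalId": ["partner-42:prod", "partner 42", "x"]}},
    }],
})

if __name__ == "__main__":
    for value in unusable_external_ids(SAMPLE_POLICY):
        print(f"trust policy accepts {value!r}, but STS AssumeRole will reject it")
```

Running this against a policy before it is attached catches external IDs that the trust policy would store but no caller could ever present.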