I am new to Vault and trying to migrate from token authentication to AWS auth via the IAM auth type. However, company policy prevents the use of the access_key and secret key. I am following the CLI steps from here:
https://www.vaultproject.io/docs/auth/aws.html - except I omitted the write of the keys - so I did the following:
vault auth enable aws
vault write auth/aws/role/dev-role-iam auth_type=iam bound_iam_principal_arn=arn:aws:iam::203948755:role/MyAwsRole policies=prod max_ttl=500
I did not write the server header ID, as it appears to be optional.
This does not seem to be working, and indeed it looks too sparse for it to work. Could anyone suggest the step(s) I am missing?
Thanks in advance for all assistance.