From aa3b9e8e3eec10d225e585ab463524493334c2af Mon Sep 17 00:00:00 2001
From: Ashish Dhingra <67916761+ashishdhingra@users.noreply.github.com>
Date: Mon, 3 Jun 2024 15:17:41 -0700
Subject: [PATCH] Exposed ExternalId property in AWS options for assumed role
session credentials.
---
.../src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs | 5 +++++
.../AWSSDK.Extensions.NETCore.Setup.nuspec | 2 +-
.../src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs | 9 ++++++++-
.../ConfigurationExtensions.cs | 5 +++++
extensions/test/NETCore.SetupTests/ConfigurationTests.cs | 1 +
.../TestFiles/GetRoleNameAndSessionNameTest.json | 1 +
6 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs
index 4d95ed613d03..da72c7925b1b 100644
--- a/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs
+++ b/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs
@@ -59,6 +59,11 @@ public class AWSOptions
///
public string SessionName { get; set; } = "DefaultSessionName";
+ ///
+ /// A unique identifier that is used by third parties for the assumed session using the SessionRoleArn.
+ ///
+ public string ExternalId { get; set; }
+
///
/// AWS Credentials used for creating service clients. If this is set it overrides the Profile property.
///
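Review bot: The doc comment on `ExternalId` does not say when the value is used or what it has to match. Going by the ClientFactory change in this patch, it is forwarded to the assume-role credentials only when `SessionRoleArn` is set and is otherwise ignored. I would word it as `/// External ID sent with the AssumeRole request when SessionRoleArn is set; it must match the sts:ExternalId condition in the target role's trust policy. Ignored when SessionRoleArn is empty.` The same silent-ignore behaviour applies to the `ExternalId` key read in `GetAWSOptions` (ConfigurationExtensions.cs), so the configuration documentation could carry the same sentence.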
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSSDK.Extensions.NETCore.Setup.nuspec b/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSSDK.Extensions.NETCore.Setup.nuspec
index e1e4f8ccce36..3d441bb1788b 100644
--- a/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSSDK.Extensions.NETCore.Setup.nuspec
+++ b/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSSDK.Extensions.NETCore.Setup.nuspec
@@ -3,7 +3,7 @@
AWSSDK.Extensions.NETCore.Setup
AWSSDK - Extensions for NETCore Setup
- 3.7.300
+ 3.7.301
Amazon Web Services
Extensions for the AWS SDK for .NET to integrate with .NET Core configuration and dependency injection frameworks.
en-US
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs
index 734764fb313c..bfb386059098 100644
--- a/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs
+++ b/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs
@@ -86,7 +86,14 @@ internal static IAmazonService CreateServiceClient(ILogger logger, Type serviceI
if (!string.IsNullOrEmpty(options?.SessionRoleArn))
{
- credentials = new AssumeRoleAWSCredentials(credentials, options.SessionRoleArn, options.SessionName);
+ if (string.IsNullOrEmpty(options?.ExternalId))
+ {
+ credentials = new AssumeRoleAWSCredentials(credentials, options.SessionRoleArn, options.SessionName);
+ }
+ else
+ {
+ credentials = new AssumeRoleAWSCredentials(credentials, options.SessionRoleArn, options.SessionName, new AssumeRoleAWSCredentialsOptions() { ExternalId = options.ExternalId });
+ }
}
var config = CreateConfig(serviceInterfaceType, options);
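Review bot: The added `string.IsNullOrEmpty(options?.ExternalId)` check uses a null-conditional that cannot fire, because the enclosing `if (!string.IsNullOrEmpty(options?.SessionRoleArn))` already rules out a null `options`; plain `options.ExternalId` is enough. The two branches also differ only in the fourth constructor argument. If the three-argument overload is equivalent to passing a default `AssumeRoleAWSCredentialsOptions` (worth confirming in the SDK), a single call passing `new AssumeRoleAWSCredentialsOptions { ExternalId = string.IsNullOrEmpty(options.ExternalId) ? null : options.ExternalId }` would remove the duplication. `CreateServiceClient` starts and ends outside this hunk.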
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/ConfigurationExtensions.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/ConfigurationExtensions.cs
index 3b555e2c14ba..dce9dc24128d 100644
--- a/extensions/src/AWSSDK.Extensions.NETCore.Setup/ConfigurationExtensions.cs
+++ b/extensions/src/AWSSDK.Extensions.NETCore.Setup/ConfigurationExtensions.cs
@@ -183,6 +183,11 @@ public static AWSOptions GetAWSOptions(this IConfiguration config, string config
options.SessionName = section["SessionName"];
}
+ if (!string.IsNullOrEmpty(section["ExternalId"]))
+ {
+ options.ExternalId = section["ExternalId"];
+ }
+
var loggingSection = section.GetSection("Logging");
if(loggingSection != null)
{
diff --git a/extensions/test/NETCore.SetupTests/ConfigurationTests.cs b/extensions/test/NETCore.SetupTests/ConfigurationTests.cs
index ca2425b88f2a..d43ed1ace40f 100644
--- a/extensions/test/NETCore.SetupTests/ConfigurationTests.cs
+++ b/extensions/test/NETCore.SetupTests/ConfigurationTests.cs
@@ -49,6 +49,7 @@ public void GetRoleNameAndSessionName()
Assert.Equal(RegionEndpoint.USWest2, options.Region);
Assert.Equal("arn:aws:iam::123456789012:role/fake_role", options.SessionRoleArn);
Assert.Equal("TestSessionName", options.SessionName);
+ Assert.Equal("TestExternalId", options.ExternalId);
IAmazonS3 client = options.CreateServiceClient();
Assert.NotNull(client);
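Review bot: The added assertion only proves that configuration binding fills `options.ExternalId`; nothing checks that the value reaches the credentials built in ClientFactory, because the following `Assert.NotNull(client)` passes whichever branch ran. A regression that dropped the external ID before the assume-role call would therefore go unnoticed here and only surface as an access failure against a role whose trust policy requires it. At minimum I would add `// Only verifies binding; does not verify ExternalId is forwarded to AssumeRoleAWSCredentials.` above the assertion, and ideally a separate test that inspects the options on the credentials object. The test method continues outside the hunk.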
diff --git a/extensions/test/NETCore.SetupTests/TestFiles/GetRoleNameAndSessionNameTest.json b/extensions/test/NETCore.SetupTests/TestFiles/GetRoleNameAndSessionNameTest.json
index 56ca1bebab1e..aa8c6ee8e7ab 100644
--- a/extensions/test/NETCore.SetupTests/TestFiles/GetRoleNameAndSessionNameTest.json
+++ b/extensions/test/NETCore.SetupTests/TestFiles/GetRoleNameAndSessionNameTest.json
@@ -2,6 +2,7 @@
"AWS": {
"SessionRoleArn": "arn:aws:iam::123456789012:role/fake_role",
"SessionName": "TestSessionName",
+ "ExternalId": "TestExternalId",
"Region": "us-west-2"
}
}