From addb646bd26632a4d9e0a9d517414e91153d8308 Mon Sep 17 00:00:00 2001
From: Lachlan Donald <lachlan@ljd.cc>
Date: Tue, 24 Jan 2017 14:55:34 +1100
Subject: [PATCH] Provide an admin policy for federated login

---
 login.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/login.go b/login.go
index e29dc3509..d20fa3eb5 100644
--- a/login.go
+++ b/login.go
@@ -21,6 +21,8 @@ import (
 	"gopkg.in/alecthomas/kingpin.v2"
 )
 
+const allowAllIAMPolicy = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}`
+
 type LoginCommandInput struct {
 	Profile                 string
 	Keyring                 keyring.Keyring
@@ -174,6 +176,7 @@ func getFederationToken(creds credentials.Value, d time.Duration) (*sts.Credenti
 	params := &sts.GetFederationTokenInput{
 		Name:            aws.String("federated-user"),
 		DurationSeconds: aws.Int64(int64(d.Seconds())),
+		Policy:          aws.String(allowAllIAMPolicy),
 	}
 
 	if username, _ := getUserName(creds); username != "" {