Description
We are using the AWS Deploy CloudFormation Stack GitHub Action to configure AWS accounts that are created via AWS Organizations.
Of course, we are first using this action for credential configuration and assuming a role. However, this credential action does session tagging, which requires the sts:TagSession permission. This need for tagging is of course documented in the README of this action. However, in our case, the tag is needed in the trust policy of the OrganizationAccountAccessRole in the member account that is created by AWS Organizations.
This results in manual effort/intervention in our automated process. We have to configure the root user for the member account created by AWS Organizations to add the permission to the trust policy.
Would it be possible to make the session tagging optional?
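
The gap described above can be checked before a pipeline run. The following is an added example, not part of the original issue or of the action's code: it reports which of sts:AssumeRole and sts:TagSession a role trust policy fails to allow. The sample policy, the placeholder account ID and the function names are assumptions, and the check looks only at Allow statements' Action values (it does not evaluate Principal, Condition or Deny).

```python
import copy
import fnmatch
import json

# Constructed sample: a trust policy that allows only sts:AssumeRole, the
# situation the issue describes for OrganizationAccountAccessRole.
# The account ID is a placeholder.
ASSUME_ONLY_TRUST = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"
  }]
}
""")

WANTED = ("sts:AssumeRole", "sts:TagSession")


def _as_list(value):
    # IAM allows a single string or object where a list is also valid.
    return value if isinstance(value, list) else [value]


def allowed_sts_actions(trust_policy, wanted=WANTED):
    """Return the subset of `wanted` granted by the policy's Allow statements."""
    granted = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in _as_list(stmt["Action"]):
            for action in wanted:
                # Action names are case-insensitive and may use * and ? wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.add(action)
    return granted


def missing_for_tagged_session(trust_policy):
    """Actions a session-tagging AssumeRole call needs but the policy lacks."""
    return sorted(set(WANTED) - allowed_sts_actions(trust_policy))


# The same policy with the extra action added, as the issue's workaround does.
TAGGING_TRUST = copy.deepcopy(ASSUME_ONLY_TRUST)
TAGGING_TRUST["Statement"][0]["Action"] = ["sts:AssumeRole", "sts:TagSession"]

if __name__ == "__main__":
    print(missing_for_tagged_session(ASSUME_ONLY_TRUST))
    print(missing_for_tagged_session(TAGGING_TRUST))
```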