From 68c12c6e10fc18ef65fcdf44be29d8c45655c57c Mon Sep 17 00:00:00 2001 From: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com> Date: Wed, 11 Aug 2021 14:51:00 -0700 Subject: [PATCH] [Docs] Add documentation for username_template feature in AWS Secrets Engine (#12310) * add username_template docs * remove backticks * update default template to be readable * undo markdown block * add md block to render indents --- website/content/api-docs/secret/aws.mdx | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/website/content/api-docs/secret/aws.mdx b/website/content/api-docs/secret/aws.mdx index 48254cc21e..5cb4c09494 100644 --- a/website/content/api-docs/secret/aws.mdx +++ b/website/content/api-docs/secret/aws.mdx @@ -58,6 +58,22 @@ valid AWS credentials with proper permissions. - `sts_endpoint` `(string: )` – Specifies a custom HTTP STS endpoint to use. +- `username_template` `(string: )` - [Template](/docs/concepts/username-templating) describing how + dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) + and STS usernames (capped at 32 characters). Longer usernames result in a 500 error. + + To ensure generated usernames are within length limits for both STS/IAM, the template must adequately handle + both conditional cases (see [Conditional Templates](https://pkg.go.dev/text/template)). As an example, if no template + is provided the field defaults to the template: + + ``` + {{ if (eq .Type "STS") }} + {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }} + {{ else }} + {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }} + {{ end }} + ``` + ### Sample Payload ```json
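Review bot: The default template in the added fenced block is spread over five indented lines, but Go's text/template emits whitespace outside of actions literally, so a reader who pastes this form gets newlines and leading spaces around the username, added after `truncate 32` / `truncate 64` has already run, unless the engine trims the rendered result. Because the paragraph above it says longer usernames result in a 500 error, either state that the block is reformatted for readability and has to be collapsed to a single line, or write it with trim markers (`{{- if (eq .Type "STS") -}}` through `{{- end -}}`) so it is safe to copy as shown. Two smaller points in the same hunk: the new bullet separates the type from the description with ` - ` where the neighbouring `sts_endpoint` bullet uses ` – `, and the "Conditional Templates" link goes to the top of the text/template package page rather than to the part that covers `if`/`else`. It would also help to list the fields a custom template can reference, since `.Type`, `.DisplayName` and `.PolicyName` only appear implicitly in the default.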