DavidMuller/aws-requests-auth

security token expired errors after several hours on EC2

chanind opened this issue · 3 comments

I'm using this library in EC2 to connect to Elasticsearch via the Python elasticsearch library. This works fine for several hours, but then all requests start failing with `403 The security token included in the request is expired` errors. It seems like whatever token this library is using is expiring and the library isn't handling requesting a new token. I'm using credentials pulled from the boto3 session.

Hi @chanind, that behavior you're describing sounds possible. aws-requests-auth does nothing to refresh or otherwise renew the credentials you pass to it. Whatever credentials you give it are the credentials that will be used to sign requests until the class instance is destroyed.

There are a number of different approaches you can take to build something that ensures your credentials don't expire, including adjusting how you provision IAM roles in AWS. Something I stumbled upon recently is a wrapper that Yelp built around AWSRequestsAuth called RefeshableAWSRequestsAuth. You might be able to leverage ideas in that file to build something for your own use.

You can also check out a recent addition to this package (BotoAWSRequestsAuth), which @tobiasmcnulty contributed in #29.

It may help with your expiring credentials problem -- find full details at the bottom of the README.

Awesome! Looks great! Thanks for adding this
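The failure mode discussed in this thread, as an added example that is not code from the thread, from aws-requests-auth or from Yelp: a signer that keeps a one-time credential snapshot next to one that asks its source again shortly before expiry. Every name here (`Creds`, `FakeRoleSource`, `SnapshotAuth`, `RefreshingAuth`, `service_status`) is hypothetical, and the 6-hour lifetime and 5-minute margin are constructed values for the simulation, not AWS settings.

```python
import threading
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Creds:
    access_key: str
    secret_key: str = field(repr=False)   # keep secrets out of logs and tracebacks
    token: str = field(repr=False)
    expires_at: float = 0.0               # epoch seconds

class Clock:
    """Manual clock so the example runs instantly and offline."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now

class FakeRoleSource:
    """Constructed stand-in for a rotating temporary-credential source."""
    def __init__(self, clock, lifetime=6 * 3600):
        self.clock, self.lifetime, self.issued = clock, lifetime, 0
    def fetch(self):
        self.issued += 1
        n = self.issued
        return Creds(f"ASIAEXAMPLE{n}", f"secret-{n}", f"token-{n}",
                     self.clock() + self.lifetime)

class SnapshotAuth:
    """Credentials captured once and reused for the life of the object."""
    def __init__(self, creds): self._creds = creds
    def current(self): return self._creds

class RefreshingAuth:
    """Asks the source again shortly before the cached credentials expire."""
    def __init__(self, source, clock, margin=300):
        self.source, self.clock, self.margin = source, clock, margin
        self._creds, self._lock = None, threading.Lock()
    def current(self):
        with self._lock:  # one refresh at a time when shared across threads
            c = self._creds
            if c is None or self.clock() >= c.expires_at - self.margin:
                self._creds = self.source.fetch()
            return self._creds

def service_status(creds, clock):
    """Model of the service-side check: an expired session token gets 403."""
    return 200 if clock() < creds.expires_at else 403

def simulate(make_auth, hours=8):
    """Send one request per hour; return the list of status codes."""
    clock = Clock()
    auth = make_auth(FakeRoleSource(clock), clock)
    out = []
    for _ in range(hours):
        out.append(service_status(auth.current(), clock))
        clock.now += 3600
    return out

SNAPSHOT = simulate(lambda src, clk: SnapshotAuth(src.fetch()))
REFRESHING = simulate(lambda src, clk: RefreshingAuth(src, clk))
```

With these constructed values the snapshot signer starts returning 403 once the six hours are up, while the refreshing signer fetches a second credential set inside the margin and stays at 200.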