Tokens expire after an hour

Question

Tokens expire after an hour

e1ven opened this issue 7 years ago · 5 comments

My understanding is that the session tokens last for 12 hours, but the assumerole credentials that come back only last for an hour.

Are you re-running this every hour? What do you do for processes which need more than hour to complete? For some apps I've re-written them to handle their own tokens, but how do you handle this on your team?

Answer 1 · 2018-04-05T01:33:54.000Z

Interesting, which processes are you running yourself that (from the client) require more than an hour to complete when interacting with AWS?

Answer 2 · 2018-04-06T13:03:41.000Z

Mostly analytics.
It turns out to be fortuitous timing. Roles can now be up to 12 hours.
https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/

Answer 3 · 2018-04-09T06:07:39.000Z

Awesome, thanks a lot for the reference! Just right now one of my colleagues ran into this issue and the terraform state got truncated :-!

Answer 4 · 2018-05-15T02:54:22.000Z

AFAICT with PR #21 merged in this can be closed?

Also @grahamjenson, PR #20 apparently broke the bats testing suite since it was not merged in before release?:

$ bats test/assume-role.bats
 ✗ should work
   (in test file test/assume-role.bats, line 72)
     `[ "${lines[6]}" = 'export AWS_ACCOUNT_ID="123456789012";' ]' failed

/cc @reisingerf

Answer 5 · 2018-05-15T16:16:25.000Z

You can specify AWS_ROLE_SESSION_TIMEOUT for increasing timeout, default remains an hour.

I usually run this every hour. A bit annoying but not too bad.

Also, tests are now passing and CircleCI is setup, so no more PRs can break tests.