Clarify that AWS_CREDENTIAL_EXPIRATION is optional when using AWS_SESSION_TOKEN

Question

Clarify that AWS_CREDENTIAL_EXPIRATION is optional when using AWS_SESSION_TOKEN

Closed this issue 2 years ago · 3 comments

In this section of credentials.md around leveraging environment variables, it implies that AWS_CREDENTIAL_EXPIRATION is required if AWS_SESSION_TOKEN is also leveraged:

If you have a session token from temporary security credentials, you can set it and its expiration time in environment variables AWS_SESSION_TOKEN and AWS_CREDENTIAL_EXPIRATION:

However I've noticed that:

I've still been able to successfully authenticate by providing only AWS_SESSION_TOKEN
The credentials verification process (https://github.com/paws-r/paws/blob/main/paws.common/R/credentials.R#L49-L51) only asserts that, when provided, the value of AWS_CREDENTIAL_EXPIRATION is valid.

Proposal: Clarify in documentation that AWS_CREDENTIAL_EXPIRATION is an optional argument, whereas AWS_SESSION_TOKEN is required. Or, if there are cases where the former is required, then clarify accordingly.

Answer 1 · 2022-10-21T00:03:35.000Z

Thanks for raising this @fh-mthomson I will update the documentation :)

Answer 2 · 2022-12-01T14:11:42.000Z

@fh-mthomson did your PR #559 fix this issue? If so please close this ticket 😄

Answer 3 · 2022-12-01T15:51:03.000Z

It did. Thanks, I'll close!