99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments
MIT License

Configure aws-vault to cache role tokens #1222

Closed Supermathie closed 2 months ago

Supermathie commented 1 year ago

We would like to have aws-vault cache role tokens.

By default, a new session is created for every invocation which means a round trip to AWS and back to retrieve the new token. For our people in more remote regions this means a round trip on every invocation which we'd like to avoid.

We ask that instead of retrieving a new role token on every call, we can instruct aws-vault to remember it for a period of time and return that instead of a new one.

If this is not already possible, would you be open to a PR implementing such a thing?

e.g. instead of:

```
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB

○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQRW6FRWUG
```

we get:

```
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB

○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB
```

```ini
[profile root-account]
mfa_serial = arn:aws:iam::111111111111:mfa/supermathie

[profile prod]
source_profile = root-account
role_arn = arn:aws:iam::222222222222:role/admin
mfa_serial = arn:aws:iam::111111111111:mfa/supermathie
region = us-west-2
```
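The behaviour asked for above, as an added example that is not aws-vault's code and not part of this issue: an in-process credential cache keyed by profile that returns the previously issued STS credentials until they are within a safety margin of their expiry, and only then makes another round trip. The `Credentials`, `Fetcher`, `Cache` names and the `NewCacheWithClock` constructor are assumptions made for this example; the fetcher in `main` is a constructed stand-in for a real AssumeRole call.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Credentials holds the fields an STS AssumeRole response returns.
// Constructed for this example; not an aws-vault type.
type Credentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Expiration      time.Time
}

// Fetcher obtains fresh credentials for a profile, e.g. by calling STS AssumeRole.
type Fetcher func(profile string) (Credentials, error)

// Cache hands back previously issued credentials for a profile until they are
// within `margin` of expiring; only then does it call the fetcher again.
type Cache struct {
	mu      sync.Mutex
	entries map[string]Credentials
	fetch   Fetcher
	margin  time.Duration
	now     func() time.Time // injectable clock so expiry handling can be tested
}

// NewCache builds a cache that uses the wall clock.
func NewCache(fetch Fetcher, margin time.Duration) *Cache {
	return NewCacheWithClock(fetch, margin, time.Now)
}

// NewCacheWithClock builds a cache with a caller-supplied clock.
func NewCacheWithClock(fetch Fetcher, margin time.Duration, now func() time.Time) *Cache {
	return &Cache{entries: map[string]Credentials{}, fetch: fetch, margin: margin, now: now}
}

// Get returns cached credentials while they are still usable; otherwise it
// fetches new ones and stores them. A failed fetch stores nothing.
func (c *Cache) Get(profile string) (Credentials, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if creds, ok := c.entries[profile]; ok && c.usable(creds) {
		return creds, nil
	}
	creds, err := c.fetch(profile)
	if err != nil {
		return Credentials{}, fmt.Errorf("refresh credentials for %q: %w", profile, err)
	}
	if !c.usable(creds) {
		return Credentials{}, errors.New("fetched credentials are already inside the expiry margin")
	}
	c.entries[profile] = creds
	return creds, nil
}

// usable reports whether creds will still be valid `margin` from now, so a
// caller is never handed a token that expires mid-request.
func (c *Cache) usable(creds Credentials) bool {
	return c.now().Add(c.margin).Before(creds.Expiration)
}

// Invalidate drops a profile's entry, e.g. after AWS rejects the token.
func (c *Cache) Invalidate(profile string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.entries, profile)
}

func main() {
	calls := 0
	// Constructed stand-in for STS: every call issues a new 1-hour credential.
	fetch := func(profile string) (Credentials, error) {
		calls++
		return Credentials{
			AccessKeyID: fmt.Sprintf("ASIAEXAMPLE%03d", calls),
			Expiration:  time.Now().Add(time.Hour),
		}, nil
	}
	cache := NewCache(fetch, 5*time.Minute)
	for i := 0; i < 3; i++ {
		creds, err := cache.Get("prod")
		if err != nil {
			fmt.Println("error:", err)
			return
		}
		fmt.Println("AWS_ACCESS_KEY_ID=" + creds.AccessKeyID)
	}
	fmt.Println("STS calls made:", calls) // 1, not 3
}
```

The margin is the important design choice: returning a token that is seconds from expiry trades one round trip for a failed API call, so the cache treats "about to expire" as "expired". A persistent version of this would have to write the entries to the OS keyring (as aws-vault already does for session credentials) rather than to a plaintext file, since a cached role token is a bearer credential for the whole of its lifetime.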

github-actions[bot] commented 9 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

blowfishpro commented 9 months ago

The extra round trips can add up. One example is where IAM roles are used to provide EKS access tokens, and then some scripting is done around kubectl that ends up invoking the token generator multiple times.

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.