Closed Supermathie closed 2 months ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
The extra round trips can add up. One example is where IAM roles are used to provide EKS access tokens, and then some scripting is done around kubectl
that ends up invoking the token generator multiple times.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
We would like to have aws-vault cache role tokens.
By default, a new session is created for every invocation which means a round trip to AWS and back to retrieve the new token. For our people in more remote regions this means a round trip on every invocation which we'd like to avoid.
We ask that instead of retrieving a new role token on every call, we can instruct aws-vault to remember it for a period of time and return that instead of a new one.
If this is not already possible, would you be open to a PR implementing such a thing?
e.g. instead of:
we get:
.aws/config
(redacted if necessary)[profile root-account] mfa_serial = arn:aws:iam::111111111111:mfa/supermathie
[profile prod] source_profile = root-account role_arn = arn:aws:iam::222222222222:role/admin mfa_serial = arn:aws:iam::111111111111:mfa/supermathie region = us-west-2