Closed youngpm closed 2 years ago
Hi, can you confirm if this is still persisting with the latest version of SDK?
This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.
I recently observed this behaviour while using the Telegraf Agent to send metrics to CloudWatch.
When using the amazon-ssm-agent to write credentials to /var/lib/amazon/ssm/credentials
the Telegraf agent will run until the aws_session_token is refreshed (Usually 1 hour) and then start to generate the error api error ExpiredToken: The security token included in the request is expired
on subsequent PutMetricData requests.
Can the SDK refresh the shared credentials periodically when using a session token and in response to an ExpiredToken error?
Tested with Go version 1.20.4 and AWS SDK version 1.18.0
Confirm by changing [ ] to [x] below to ensure that it's a bug:
Describe the bug My credentials are not refreshing for a long running S3 upload when they come from a profile that assumes a role. After starting the upload, I get an error of the form:
and the time corresponds to the expiry of the role's credentials; it appears the credential cache doesn't refresh them.
I'm running on my local development machine and initializing the config via
with
AWS_PROFILE=myprofile
and where the profile's~.aws/config
is grabbing its credentials via the a profile that assumes a role like below:Version of AWS SDK for Go? v1.9.1
Version of Go (
go version
)? 1.17.1To Reproduce (observed behavior) See the snippet in the description above; get creds from a profile that assumes a role, and use them until you hit the expiry.
Expected behavior The credentials should automatically refresh before expiring.
Additional context Running
yields
which makes me think the expiry is set to never refresh.