It looks like in both adapters the credential_duration_seconds function clamps to a max of 3600 seconds (1 hour) - I'm not sure if this was a previous default of AWS, but assuming this is the correct parameter it looks like AssumeRole has a maximum of 43200 seconds (12 hours).
provide no bounds checking and allow the call to failure from AWS, as max session duration set on a role may still be lower than 3600 seconds and that would still fail today appropriately
Current behavior
It looks like in both adapters the
credential_duration_seconds
function clamps to a max of 3600 seconds (1 hour) - I'm not sure if this was a previous default of AWS, but assuming this is the correct parameter it looks like AssumeRole has a maximum of 43200 seconds (12 hours).Expected behavior
I'd expect this function to either: