When fetching temporary credentials using STS, the returned credentials have an expiration date. When the credentials are used, this expiration is used. It's generally better to shorten the expiration, so that the client can deal with:
- Latency between the expiration check on the client and the processing of the actual signed request on the server.
- Small time deviations between client and server.

The minio-go code deals with this when storing the expiration in the client. The expiration is always stored either decreased by a fixed duration or set at 80% of the original expiration. That ensures that the credentials are refreshed well before they expire.
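The early-refresh calculation described above, as an added Go example (not minio-go's own code). `refreshDeadline` and `needsRefresh` are hypothetical names, the timestamps are constructed, and treating a negative window as "use 80% of the remaining lifetime" is an assumption of this example.

```go
package main

import (
	"fmt"
	"time"
)

// refreshDeadline returns the instant at which the client should stop using
// temporary credentials and fetch new ones (hypothetical helper).
// window >= 0: subtract that fixed duration from the STS expiration.
// window <  0: keep 80% of the remaining lifetime (assumed convention).
func refreshDeadline(now, expiration time.Time, window time.Duration) time.Time {
	remaining := expiration.Sub(now)
	if remaining <= 0 {
		return expiration // already expired: refresh immediately
	}
	cut := window
	if cut < 0 {
		cut = remaining / 5 // drop the last 20% of the lifetime
	}
	if cut > remaining {
		cut = remaining // window longer than the lifetime: refresh on every use
	}
	return expiration.Add(-cut)
}

// needsRefresh reports whether the shortened deadline has been reached.
func needsRefresh(now, deadline time.Time) bool {
	return !now.Before(deadline)
}

func main() {
	// Constructed sample: credentials fetched at 12:00 UTC, valid for one hour.
	issued := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	expiration := issued.Add(time.Hour)

	fixed := refreshDeadline(issued, expiration, 10*time.Second)
	pct := refreshDeadline(issued, expiration, -1)
	fmt.Println("fixed window deadline:", fixed.Format(time.RFC3339))
	fmt.Println("80% deadline:         ", pct.Format(time.RFC3339))

	// Five seconds before the real expiration the raw check still passes,
	// but latency or clock skew could make the server reject the request.
	at := expiration.Add(-5 * time.Second)
	fmt.Println("raw expiration says valid:", at.Before(expiration))
	fmt.Println("shortened deadline says refresh:", needsRefresh(at, fixed))
}
```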