Closed keimiller-expediagroup closed 2 years ago
Adding resumption is definitely a good idea. It probably won't be a 1.0.0 release feature, but a subsequent release feature. We would probably do something like break up the graphing steps into multiple parts: pulling nodes, groups, policies, then getting the edges. After each stage, the data is written to disk and tracked in the graph metadata. From there, we have --resume as a parameter for the graph subcommand.
On a side note, I'd be interested to see if anyone out there has already done anything for auto credential refreshing with botocore/Boto3 scripts when using temp creds. It'd be better to incorporate that, instead of rolling something new.
Closing. Looks like https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-credential_process.html is the best way to handle this need, since it'll do auto-refresh as long as the Expiration field is correctly set.
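A sketch of a `credential_process` helper of the kind the closing comment points to, added here as an example and not code from this project or its maintainers. It assumes a separate SAML login tool writes STS-style temporary credentials to a JSON cache file; the cache path, the profile name and the function names are hypothetical. The helper refuses to emit credentials without a valid, future `Expiration`, because the SDK treats output that lacks that field as non-expiring and will not refresh it.

```python
import json
import sys
from datetime import datetime, timezone

# Assumed ~/.aws/config entry (profile name and paths are hypothetical):
#   [profile saml-session]
#   credential_process = /usr/bin/python3 /path/to/helper.py /path/to/cache.json

REQUIRED = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")

def to_credential_process_json(sts_creds, now=None):
    """Turn an STS-style Credentials dict into credential_process output."""
    now = now or datetime.now(timezone.utc)
    missing = [k for k in REQUIRED if not sts_creds.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    exp = sts_creds["Expiration"]
    if isinstance(exp, str):  # JSON caches store text; boto3 returns datetime
        exp = datetime.fromisoformat(exp.replace("Z", "+00:00"))
    if exp.tzinfo is None:
        raise ValueError("Expiration must carry a timezone")
    if exp <= now:
        raise ValueError("cached credentials expired; log in again")
    return json.dumps({
        "Version": 1,
        "AccessKeyId": sts_creds["AccessKeyId"],
        "SecretAccessKey": sts_creds["SecretAccessKey"],
        "SessionToken": sts_creds["SessionToken"],
        # Normalised to UTC in ISO 8601 form so the SDK can schedule a refresh.
        "Expiration": exp.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })

def main(cache_path):
    try:
        with open(cache_path) as fh:
            print(to_credential_process_json(json.load(fh)))
    except (OSError, ValueError) as err:
        # Non-zero exit makes the SDK fail instead of using stale credentials.
        print(f"credential helper: {err}", file=sys.stderr)
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))
```

The SDK runs the helper again when the reported expiry approaches, so a long-running job only continues past the session limit if the cache file has been updated with a fresh session by then.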
Greetings,
While testing this against several accounts, I've run into issues with role session limits that I don't have control over. In the case that prompted this request we are forced to use SAML with STS and I'm limited to a maximum of a 3h session limit.
I'm currently using the v1.0.0-dev branch. Is there a way to enable caching of results so that a subsequent re-run would pick up after the last successful API pulls and mapping? Is there a way to defer graph creation until all required data is collected?
Without changes to caching and code flow, if a routine to check for updated credentials were added between API pulls that may do the trick.