nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0

Access key timeouts / Enhancement request to refresh auth #25

Closed keimiller-expediagroup closed 2 years ago

keimiller-expediagroup commented 5 years ago

Greetings,

While testing this against several accounts, I've run into issues with role session limits that I don't have control over. In the case that prompted this request we are forced to use SAML with STS and I'm limited to a maximum of a 3h session limit.

I'm currently using the v1.0.0-dev branch. Is there a way to enable caching of results so that a subsequent re-run would pick up after the last successful API pulls and mapping? Is there a way to defer graph creation until all required data is collected?

Without changes to caching and code flow, if a routine to check for updated credentials were added between API pulls, that may do the trick.

ncc-erik-steringer commented 5 years ago

Adding resumption is definitely a good idea. It probably won't be a 1.0.0 release feature, but a subsequent release feature. We would probably do something like break up the graphing steps into multiple parts: pulling nodes, groups, policies, then getting the edges. After each stage, the data is written to disk and tracked in the graph metadata. From there, we have --resume as a parameter for the graph subcommand.

On a side note, I'd be interested to see if anyone out there has already done anything for auto credential refreshing with botocore/Boto3 scripts when using temp creds. It'd be better to incorporate that, instead of rolling something new.
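The staged, resumable build sketched in the reply above (pull nodes, groups, policies, then edges; persist each stage and record it in the graph metadata; `--resume` skips finished stages) can be illustrated with the following added example. It is not PMapper's code: the stage names follow the comment, but the per-stage JSON files, the `graph_metadata.json` layout and the `simulate_interrupted_run` scenario (where the policies pull fails once, as an expired session would) are constructed for this illustration.

```python
import json
import os
import tempfile
from typing import Callable, Dict, List, Optional, Tuple

# Constructed example: a resumable, stage-by-stage graph build. The stage names
# follow the comment above (nodes, groups, policies, then edges); the file layout
# and metadata format are assumptions, not PMapper's own.
METADATA_FILE = "graph_metadata.json"


def load_metadata(workdir: str) -> Dict:
    path = os.path.join(workdir, METADATA_FILE)
    if not os.path.exists(path):
        return {"completed_stages": []}
    with open(path) as f:
        return json.load(f)


def save_metadata(workdir: str, metadata: Dict) -> None:
    # Write to a temp file and rename so an interrupted write never leaves a torn metadata file
    path = os.path.join(workdir, METADATA_FILE)
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(metadata, f)
    os.replace(tmp, path)


def stage_output_path(workdir: str, name: str) -> str:
    return os.path.join(workdir, name + ".json")


def run_stages(workdir: str, stages: List[Tuple[str, Callable[[Dict], object]]],
               resume: bool = True) -> Dict[str, object]:
    """Run each (name, fn) stage in order; fn receives the outputs of earlier stages.
    Finished stages are written to disk and recorded in the metadata, so a rerun with
    resume=True reloads them and picks up at the first stage that did not complete."""
    os.makedirs(workdir, exist_ok=True)
    metadata = load_metadata(workdir) if resume else {"completed_stages": []}
    results: Dict[str, object] = {}
    for name in metadata["completed_stages"]:
        with open(stage_output_path(workdir, name)) as f:
            results[name] = json.load(f)
    for name, fn in stages:
        if name in results:
            continue  # already done in an earlier run
        data = fn(results)  # may raise partway (e.g. an expired session); finished stages stay on disk
        with open(stage_output_path(workdir, name), "w") as f:
            json.dump(data, f)
        results[name] = data
        metadata["completed_stages"].append(name)
        save_metadata(workdir, metadata)
    return results


def simulate_interrupted_run(workdir: Optional[str] = None) -> Dict[str, int]:
    """Constructed scenario: the 'policies' pull fails on the first run (as it would once
    a session expires), then a second run resumes. Returns how often each stage ran."""
    workdir = workdir or tempfile.mkdtemp()
    calls = {"nodes": 0, "groups": 0, "policies": 0, "edges": 0}
    state = {"fail_policies": True}

    def pull_nodes(_):
        calls["nodes"] += 1
        return ["arn:aws:iam::123456789012:role/example-a",  # constructed sample principals
                "arn:aws:iam::123456789012:user/example-b"]

    def pull_groups(_):
        calls["groups"] += 1
        return ["arn:aws:iam::123456789012:group/example-admins"]

    def pull_policies(results):
        calls["policies"] += 1
        if state["fail_policies"]:
            raise RuntimeError("ExpiredToken")  # stand-in for the STS error on an expired session
        return {node: [] for node in results["nodes"]}

    def build_edges(results):
        calls["edges"] += 1
        return [(src, dst) for src in results["nodes"] for dst in results["nodes"] if src != dst]

    stages = [("nodes", pull_nodes), ("groups", pull_groups),
              ("policies", pull_policies), ("edges", build_edges)]
    try:
        run_stages(workdir, stages)
    except RuntimeError:
        pass  # first run stops at 'policies'; nodes and groups are already on disk
    state["fail_policies"] = False
    run_stages(workdir, stages)  # resume: nodes and groups are not pulled again
    return calls


if __name__ == "__main__":
    print(simulate_interrupted_run())  # {'nodes': 1, 'groups': 1, 'policies': 2, 'edges': 1}
```

The point of writing the metadata only after a stage's output file is on disk, and of renaming rather than overwriting, is that a process killed at any moment leaves either a complete, recorded stage or nothing for that stage; a resume can then trust the metadata without re-validating every file.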

ncc-erik-steringer commented 2 years ago

Closing. Looks like https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-credential_process.html is the best way to handle this need, since it'll do auto-refresh as long as the Expiration field is correctly set.
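The auto-refresh approach raised in the earlier reply and settled on in the closing comment (a `credential_process` program whose output carries a correct `Expiration`) can be shown with the following added example; it is not PMapper's code or the AWS documentation's. It writes the JSON document the SDKs read from such a program, caches the session with owner-only permissions, and refreshes a few minutes before expiry. The cache path, the five-minute margin and `fake_saml_refresh` (a placeholder for the real SAML/STS exchange, returning placeholder key values) are assumptions; `simulate_cycle` is a constructed scenario over one 3h session.

```python
import json
import os
import stat
import sys
import tempfile
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional

# Constructed example of a credential_process program: the SDK runs it whenever it
# needs credentials and runs it again once the returned Expiration has passed.
REFRESH_MARGIN = timedelta(minutes=5)  # assumed: hand out a new session shortly before the old one ends


def parse_expiration(value: str) -> datetime:
    # credential_process uses ISO 8601; accept the trailing "Z" spelling as well
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def needs_refresh(creds: Optional[Dict], now: datetime, margin: timedelta = REFRESH_MARGIN) -> bool:
    if not creds or "Expiration" not in creds:
        return True
    return parse_expiration(creds["Expiration"]) - margin <= now


def to_credential_process_output(creds: Dict) -> Dict:
    # The JSON document the SDK reads from the program's stdout
    return {
        "Version": 1,
        "AccessKeyId": creds["AccessKeyId"],
        "SecretAccessKey": creds["SecretAccessKey"],
        "SessionToken": creds["SessionToken"],
        "Expiration": creds["Expiration"],
    }


def load_cache(path: str) -> Optional[Dict]:
    try:
        with open(path) as f:
            return json.load(f)
    except (OSError, ValueError):
        return None  # a missing or corrupt cache simply forces a refresh


def save_cache(path: str, creds: Dict) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # Owner read/write only: the cache holds a live session token
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IRUSR | stat.S_IWUSR)
    with os.fdopen(fd, "w") as f:
        json.dump(creds, f)


def get_credentials(cache_path: str, refresh_fn: Callable[[datetime], Dict], now: datetime) -> Dict:
    """Return the credential_process document, calling refresh_fn only when the cached
    session is missing or within REFRESH_MARGIN of its Expiration."""
    creds = load_cache(cache_path)
    if needs_refresh(creds, now):
        creds = refresh_fn(now)
        save_cache(cache_path, creds)
    return to_credential_process_output(creds)


def fake_saml_refresh(now: datetime) -> Dict:
    # Placeholder for the real exchange (e.g. STS AssumeRoleWithSAML); key values are placeholders
    return {
        "AccessKeyId": "ASIAEXAMPLEPLACEHOLDER",
        "SecretAccessKey": "placeholder-secret-access-key",
        "SessionToken": "placeholder-session-token",
        "Expiration": (now + timedelta(hours=3)).isoformat(),  # the 3h cap mentioned in the issue
    }


def simulate_cycle(now: datetime) -> Dict:
    """Constructed scenario: three SDK invocations across one 3h session.
    Returns the documents handed back and how many times the refresh ran."""
    calls = {"refresh": 0}

    def counting_refresh(at: datetime) -> Dict:
        calls["refresh"] += 1
        return fake_saml_refresh(at)

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cache", "session.json")
        first = get_credentials(path, counting_refresh, now)                                   # no cache: refresh
        second = get_credentials(path, counting_refresh, now + timedelta(hours=1))              # cached, still valid
        third = get_credentials(path, counting_refresh, now + timedelta(hours=2, minutes=56))   # inside margin: refresh
    return {"refreshes": calls["refresh"], "first": first, "second": second, "third": third}


if __name__ == "__main__":
    cache = os.path.expanduser("~/.cache/pmapper-credential-process/session.json")  # assumed location
    doc = get_credentials(cache, fake_saml_refresh, datetime.now(timezone.utc))
    json.dump(doc, sys.stdout)  # nothing but the JSON document may be written to stdout
```

To use such a program, a profile in `~/.aws/config` sets `credential_process = /path/to/the-script` and the tool is run against that profile; every API pull then goes through the SDK's credential provider, which re-invokes the script once `Expiration` is reached, so a long graph build no longer dies at the 3h session limit. Keeping stdout clean matters: any diagnostic printed there corrupts the JSON the SDK parses, so log to stderr.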