ECS Task Token Expired

[josnidhin]

I have an ECS Task with a ECS Task Role attached, which gives it permission to interact with SQS. Everything works fine most of the time but occasionally the task crashes with the following error.

The security token included in the request is expired

ECS starts another task to replace the crashed task and everything goes back to normal.

I have not looked into the codebase but I guess it has something to do with how the token expiry and refresh is handled. I would like to prevent this crash from occurring, is there some config that I missed which is causing this issue.

[pplu]

Hi,

This could be because we discard the credentials too late:

Compare https://github.com/pplu/aws-sdk-perl/blob/master/lib/Paws/Credential/ECSContainerProfile.pm#L80 to https://github.com/pplu/aws-sdk-perl/blob/master/lib/Paws/Credential/InstanceProfile.pm#L58 (which handles getting creds from an instance role, with almost the same logic).

Would you mind trying to adjust the expiry code for the ECSContainerProfile and report back if the errors have disappeared?

[josnidhin]

Thanks for the quick response I had concluded the same after the going through the code-base. I will try it out and will get back.

[josnidhin]

I had applied the change 2 weeks back which seems to have fixed the issue as I have not this error since the fix.

[dheffx]

We ran into this same issue. Any plans to get this merged into the module? Would prefer to see this patched into Paws as a permanent fix rather than needing to modify ECSContainerProfile ourselves.

[pplu]

@dheffx : Can you please send a pull request with your fix? It really helps go faster.

[dheffx]

Sure, here ya go: https://github.com/pplu/aws-sdk-perl/pull/421