trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License

`awsume -r` should reload credentials that were previously acquired with `awsume -a` flag #25

Closed felipe1982 closed 6 years ago

felipe1982 commented 6 years ago

awsume -r <role> reloads credentials, but awsume -r expects a profile name.

I think awsume -r without a role name should reload ALL profiles that were previously executed with awsume -a <role_name>. This way I don't have to remember which profiles I had previously configured to automatically refresh.

Moreover, I think awsume -r <rolename> should act like awsume -a <rolename>; awsume -r <rolename> if awsume -a was not run previously.

Great program! I love it and use it daily for my consulting work. Keep up the good work.

mbarneyjr commented 6 years ago

@felipe1982 Sorry for getting back to you so late, we appreciate the feedback!

The original intention for the functionality of the -r flag, before autoAwsume was developed, is to ignore the profile cache that AWSume stores (in the ~/.aws/cli/cache/ directory), and overwrite it if the get-session-token api call was successful.

Are you requesting functionality to manually refresh auto-refreshing profiles? If so, I'm not sure what the purpose would be, as autoAwsume itself handles refreshing those profiles for you.

We're always open to feedback and suggestions!

felipe1982 commented 6 years ago

Thanks for getting back.

I was not aware that is how -r worked.

What is the difference then in calling with or without -r? Both refresh a non autoAwsume profile.

Furthermore, there are times when -a is used, but then the next day comes and the role has not automatically resumed. There should be a command that refreshes all autoAwsumed roles found in credentials file.

Thoughts?

mbarneyjr commented 6 years ago

So user session credentials are good for a maximum of 12 hours, role session credentials are good for a maximum of 1 hour. When you use AWSume successfully, it caches the user credentials. By default it will read from those cached credentials as long as those credentials are valid. Once the 12 hours expires, the credentials become invalid and it can no longer use them. Running AWSume with -r calls get-session-token regardless of whether or not the cached credentials are valid or even exist yet. It's a way to manually get new session credentials by reloading them.

As for autoAwsume, it can only auto-refresh role credentials as long as the user credentials it needs to call assume-role are valid. It can't auto-refresh user credentials (due to MFA). So once you start auto-refreshing a role profile, those credentials will be refreshed only for as long as the user credentials are valid, and the same applies to any other profiles you have being refreshed under autoAwsume.
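The cache-versus-refresh decision mbarneyjr describes above (reuse cached user session credentials while valid, call get-session-token when they expire or when `-r` forces it, and only auto-refresh a role while the user session is still valid) is small enough to spell out in code. The block below is an added illustration written for this thread; it is not AWSume's own implementation. The cache JSON shape, the five-minute expiry margin, the constructed sample cache and the `fake_get_session_token` stand-in for `sts:GetSessionToken` are all assumptions so the example runs offline.

```python
# Added illustration of the thread's cache/refresh logic (not awsume's code).
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Lifetimes as stated in the thread; used only to stamp the fake credentials.
USER_SESSION_MAX = timedelta(hours=12)
ROLE_SESSION_MAX = timedelta(hours=1)

# Treat credentials that expire within this window as already unusable so an
# in-flight API call does not fail half-way through (assumption, not awsume's).
EXPIRY_MARGIN = timedelta(minutes=5)


@dataclass(frozen=True)
class Credentials:
    access_key_id: str
    secret_access_key: str
    session_token: str
    expiration: datetime  # timezone-aware UTC

    def is_valid(self, now: datetime) -> bool:
        return now + EXPIRY_MARGIN < self.expiration


def parse_cache(text: str) -> Credentials | None:
    """Parse a cache entry in the AWS CLI JSON shape; None if missing or corrupt."""
    try:
        doc = json.loads(text)["Credentials"]
        exp = datetime.fromisoformat(doc["Expiration"].replace("Z", "+00:00"))
        return Credentials(doc["AccessKeyId"], doc["SecretAccessKey"],
                           doc["SessionToken"], exp)
    except (ValueError, KeyError, TypeError):
        return None


def fake_get_session_token(now: datetime) -> Credentials:
    """Constructed stand-in for sts:GetSessionToken; never contacts AWS."""
    return Credentials("ASIACONSTRUCTED000000", "constructed-secret",
                       "constructed-session-token", now + USER_SESSION_MAX)


def resolve_user_credentials(cache_text: str | None, now: datetime, force: bool,
                             get_session_token=fake_get_session_token):
    """Return (credentials, source) where source is 'cache' or 'sts'.

    force mirrors `-r`: ignore the cache and call GetSessionToken unconditionally.
    Otherwise the cache is reused while valid and STS is called once it expires.
    """
    if not force:
        cached = parse_cache(cache_text) if cache_text else None
        if cached is not None and cached.is_valid(now):
            return cached, "cache"
    return get_session_token(now), "sts"


def can_auto_refresh_role(user_creds: Credentials, now: datetime) -> bool:
    """autoAwsume can only call AssumeRole while the user session is valid; it
    cannot renew the user session itself because that needs a fresh MFA code."""
    return user_creds.is_valid(now)


# Constructed sample: a cache entry written at 08:00 UTC, good for 12 hours.
SAMPLE_NOW = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = json.dumps({"Credentials": {
    "AccessKeyId": "ASIACONSTRUCTEDCACHE0",
    "SecretAccessKey": "constructed-cached-secret",
    "SessionToken": "constructed-cached-token",
    "Expiration": "2024-01-01T20:00:00Z",
}})

if __name__ == "__main__":
    for hours, force in [(0, False), (0, True), (13, False)]:
        creds, source = resolve_user_credentials(SAMPLE_CACHE, SAMPLE_NOW + timedelta(hours=hours), force)
        print(f"+{hours:>2}h force={force!s:<5} -> {source}, role refresh ok: "
              f"{can_auto_refresh_role(creds, SAMPLE_NOW + timedelta(hours=hours))}")
```

Running it shows the three cases from the thread: at +0h the cache is reused, `-r` forces a fresh get-session-token call even though the cache is valid, and at +13h the expired cache is ignored and STS is called. The last column is the autoAwsume condition: a role profile keeps refreshing only while the user credentials it depends on are valid.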