Refreshing session token does not update in connections

[cbruno10]

Describe the bug If I have an AWS profile setup:

$ cat ~/.aws/credentials
[default]
aws_access_key_id = key_id
aws_secret_access_key = secret_key
aws_session_token = session_token

And my creds are good for an hour, after an hour if I still have the same Steampipe session running, and I run a query, I'll receive an error, ExpiredToken: The provided token has expired.

In the cred management code, when we get an access key, secret key, and session token, we use the NewStaticCredentialsProvider type, which the SDK will never expire.

Steampipe version (steampipe -v) v0.19.3

Plugin version (steampipe plugin list) v0.99.0

To reproduce See above.

Expected behavior The credentials should be refreshed.

Additional context Add any other context about the problem here.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[ajoga]

Hey @cbruno10 -- if the postulate is that the end-user wrote in his ~/.aws/credentials file temporary credentials, then there is no way you can refresh credentials to extend their life. The session token has an expiry in it, and AWS won't let you extend it or derive infinitely other credentials from these.

Your options are one of these: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials (or the go-equivalent page of documentation :) )

The official mod documentation page has some guides about using AWS SSO or other credentials: https://hub.steampipe.io/plugins/turbot/aws#assumerole-credentials-no-mfa

I would not recommend Steampipe to write ~/.aws/credentials.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[github-actions[bot]]

This issue was closed because it has been stalled for 90 days with no activity.