When working with S3StorageClient using the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE configuration options, it turns out that, in practice, the web identity token file is updated periodically. For example in Kubernetes it is updated at least every 24 hours.
This PR re-reads the web identity token each time credentials are refreshed to ensure that expiration never occurs.
When working with
S3StorageClientusing theAWS_ROLE_ARNandAWS_WEB_IDENTITY_TOKEN_FILEconfiguration options, it turns out that, in practice, the web identity token file is updated periodically. For example in Kubernetes it is updated at least every 24 hours.This PR re-reads the web identity token each time credentials are refreshed to ensure that expiration never occurs.
Resources