Configure aws-vault to cache role tokens
Supermathie opened this issue
We would like to have aws-vault cache role tokens.
By default, a new session is created for every invocation, which means a round trip to AWS and back to retrieve the new token. For our people in more remote regions, this means a round trip on every invocation, which we'd like to avoid.
We ask that instead of retrieving a new role token on every call, we can instruct aws-vault to remember it for a period of time and return that instead of a new one.
If this is not already possible, would you be open to a PR implementing such a thing?
e.g. instead of:
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQRW6FRWUG
we get:
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB
○ → aws-vault export prod | grep AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY_ID=ASIAQ2NCZ6TQXGPG4QWB
- I am using the latest release of AWS Vault (using arch aws-vault 7.2.0-1)
- I have provided my .aws/config (redacted if necessary)
[default]
cli_pager =
region = us-east-1
[profile root-account]
mfa_serial = arn:aws:iam::111111111111:mfa/supermathie
[profile prod]
source_profile = root-account
role_arn = arn:aws:iam::222222222222:role/admin
mfa_serial = arn:aws:iam::111111111111:mfa/supermathie
region = us-west-2
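
The behaviour requested above, sketched in Go as an added example (not aws-vault's code and not part of the original post): role credentials are reused until they come within a safety margin of their expiry, and only then is a new round trip made. `RoleCache`, `Creds`, the map-backed store and the `ASIAEXAMPLE` key IDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Creds holds temporary role credentials and their expiry.
type Creds struct {
	AccessKeyID, SecretAccessKey, SessionToken string
	Expiration                                 time.Time
}

// RoleCache reuses stored credentials until they are within Skew of expiring.
type RoleCache struct {
	Store map[string]Creds // demo stand-in for a protected backend such as the OS keychain
	Skew  time.Duration    // refresh this long before expiry
	Now   func() time.Time // injectable clock
	Fetch func(profile string) (Creds, error) // the round trip to AWS
}

// Get returns cached credentials for profile, fetching only when none are
// stored or the stored ones are about to expire.
func (rc *RoleCache) Get(profile string) (Creds, error) {
	if c, ok := rc.Store[profile]; ok && c.Expiration.Sub(rc.Now()) > rc.Skew {
		return c, nil // still valid: no network call
	}
	c, err := rc.Fetch(profile)
	if err == nil {
		rc.Store[profile] = c // failed fetches are never cached
	}
	return c, err
}

func main() {
	n := 0
	fetch := func(string) (Creds, error) { // constructed credentials, not real keys
		n++
		return Creds{AccessKeyID: fmt.Sprintf("ASIAEXAMPLE%04d", n), Expiration: time.Now().Add(time.Hour)}, nil
	}
	rc := &RoleCache{Store: map[string]Creds{}, Skew: 5 * time.Minute, Now: time.Now, Fetch: fetch}
	a, _ := rc.Get("prod")
	b, _ := rc.Get("prod")
	fmt.Println(a.AccessKeyID, b.AccessKeyID, "fetches:", n)
}
```

A cached role token stays usable without a fresh MFA prompt until it expires, so the store holding it needs the same protection as the long-lived keys.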