STS:AssumeRole DefaultDuration is 15 minutes
lobeck opened this issue · comments
Describe the bug
The default value is currently set to 15 minutes / 900 seconds https://github.com/aws/aws-sdk-go/blob/main/aws/credentials/stscreds/assume_role_provider.go#L127
However the default of the API is documented to be 1 hour / 3600 seconds https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
By default, the value is set to 3600 seconds
So the default of the go sdk should also be 1 hour to avoid nasty surprises
Expected Behavior
A 1 hour / 3600 second session duration
Current Behavior
only 15 minutes / 900 seconds
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
SDK version used
1.48.2
Environment details (Version of Go (go version
)? OS name and version, etc.)
Hi @lobeck,
Thanks for reaching out. The docs you have provided refers to the server-side default value that gets applied when you do not specify a DurationSeconds
in the request, and does not pertain to the default value supplied by an explicit AssumeRole()
call, as it is an optional parameter (those docs are confusingly worded)
Furthermore, the API model (which the SDK is generated from) does not model a default value for DurationSeconds
to be supplied client-side as seen by the lack of the default trait here
Because of this, I re-labeled the issue as a feature request. That being said, I agree with you that it would be nice and less confusing for the implicit call made by the provider to match the service side default.
Will discuss this with the team and let you know if this is something we are able to change.
Thanks,
Ran~
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.