ECS task role chaining limitation to 1 hour

0

A customer is running into an error when trying to take the current task role credentials to assume a different role beyond 1 hour. They run into this error message: "ClientError: An error occurred (ValidationError) when calling the AssumeRole operation: The requested DurationSeconds exceeds the 1 hour session limit for roles assumed by role chaining."

I can't seem to find guidance on how a customer should configure the task role credentials duration beyond 1 hour so that assume role chaining can also extend beyond 1 hour. Is that possible?

AWS
asked 4 years ago · 1065 views
1 Answer
0
Accepted Answer

I am just working on a container that ran into exactly the same issue. I made an assume role and added the credentials directly to the invocation of a third-party lib. At the moment the credentials timed out, all calls failed.

I found this merge request: https://github.com/boto/botocore/pull/1313

Now, I created a profile with the EcsContainer source:

[profile crossaccount]
role_arn="${CROSS_ACCOUNT_ROLE_ARN}"
credential_source=EcsContainer

I pass this profile to the 3rd party lib instead. Under the hood, this profile is registered in the credentials provider chain, which solves the issue.

Best regards

AWS
answered 4 years ago
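The profile approach from the accepted answer, as an added example (not code from the answer or from botocore): it writes the `crossaccount` profile with the role ARN filled in and builds a boto3 session from it, so botocore repeats the AssumeRole call when the chained credentials near expiry instead of the application holding static keys. It assumes the `${CROSS_ACCOUNT_ROLE_ARN}` placeholder is substituted when the file is generated; the function names, the file path handling and the sample ARN in the comment are constructed for illustration.

```python
import configparser
import os
from pathlib import Path

ROLE_CHAINING_MAX_SECONDS = 3600  # limit quoted in the ValidationError above
ASSUME_ROLE_MIN_SECONDS = 900     # smallest DurationSeconds AssumeRole accepts


def write_chained_profile(config_path, role_arn, profile="crossaccount",
                          duration_seconds=ROLE_CHAINING_MAX_SECONDS):
    """Write a profile that assumes role_arn using the ECS task role as source.

    role_arn example (constructed): arn:aws:iam::111122223333:role/example
    """
    if not role_arn.startswith("arn:") or ":role/" not in role_arn:
        raise ValueError(f"not a role ARN: {role_arn!r}")
    if not ASSUME_ROLE_MIN_SECONDS <= duration_seconds <= ROLE_CHAINING_MAX_SECONDS:
        # The task role is already an assumed role, so this call is role
        # chaining: a longer duration is rejected, the session must be renewed.
        raise ValueError("duration_seconds must be 900..3600 for role chaining")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str          # keep key names exactly as written
    cfg.read(config_path)          # preserve profiles already in the file
    section = f"profile {profile}"
    cfg[section] = {
        "role_arn": role_arn,
        "credential_source": "EcsContainer",
        "duration_seconds": str(duration_seconds),
    }
    path = Path(config_path)
    path.parent.mkdir(parents=True, exist_ok=True)
    with open(path, "w") as fh:
        cfg.write(fh, space_around_delimiters=False)
    os.chmod(path, 0o600)
    return section


def chained_session(config_path, profile="crossaccount"):
    """Return a boto3 session backed by the profile's refreshable credentials."""
    import boto3  # imported here so the profile writer runs without boto3
    os.environ["AWS_CONFIG_FILE"] = str(config_path)
    return boto3.Session(profile_name=profile)
```

Clients created from `chained_session(...)` keep working past the first hour because each renewal is a fresh AssumeRole call of at most 3600 seconds; the per-session limit itself is unchanged.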
