Temporary credentials are not expiring after session duration with credential-process

Question

When we execute command 
command = `./aws_signing_helper credential-process --certificate ./certificate.pem --private-key ./privkey.pem --session-duration 900 --trust-anchor-arn arn:666hggfg --profile-arn arn:nbvhj765 --role-arn arn:mhgjdgd678`
It generates temporary credentials on the stdout, but the credentials are not getting expired after 15 mins. As session duration is defined as 15 mins, new set of temporary credentials should be generated at 10 mins.
Is there a reason for this?

Also,  command = `./aws_signing_helper update --certificate ./certificate.pem --private-key ./privkey.pem --session-duration 900 --trust-anchor-arn arn:8645654fghg --profile-arn arn:jhgjhgf7632 --role-arn arn:jgfgge432`
writes output to credentials file, though credentials are regenerated every 10 mins. Is there a way if we do not want to write credentails in the credential file, but just want to directly set in AWS.config.credentials?

Answer

Make sure you are passing the correct format for the `trust-anchor-arn`, `profile-arn` and `role-arn`:
```
./aws_signing_helper credential-process \
      --certificate /path/to/certificate \
      --private-key /path/to/private-key \
      --trust-anchor-arn arn:aws:rolesanywhere:region:account:trust-anchor/TA_ID \
      --profile-arn arn:aws:rolesanywhere:region:account:profile/PROFILE_ID \
      --role-arn arn:aws:iam::account:role/role-name-with-path
```

Temporary credentials are not expiring after session duration with credential-process

関連するコンテンツ