AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

ECS task role chaining limitation to 1 hour

0

A customer is running into an error when trying to take the current task role credentials to assume a different role beyond 1 hour. They run into this error message: "ClientError: An error occurred (ValidationError) when calling the AssumeRole operation: The requested DurationSeconds exceeds the 1 hour session limit for roles assumed by role chaining."

I can't seem to find guidance on how a customer should configure the task role credentials duration beyond 1 hour so that assume role chaining can also extend beyond 1 hour. Is that possible?

AWS
질문됨 5년 전1.3천회 조회
1개 답변
0
수락된 답변

I am just working on a container that ran into exactly the same issue. I made an assume role and added the credentials directly to the invocation of a third party lib. In the moment where the credentials timed out, all calls failed.

I found this merge request https://github.com/boto/botocore/pull/1313!

Now, I created a profile with the EcsContainer source:

[profile crossaccount]
role_arn="${CROSS_ACCOUNT_ROLE_ARN}"
credential_source=EcsContainer

I pass this profile to the 3rd party lib instead. Under the hood, this profile is registered in the credentials provider chain which solves the issue.

Best regards

AWS
답변함 5년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠