By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

The NextJS app build is encountering a failure due to the expiration of the token after one hour, which is generated during the build time.

0

We are facing an issue while implementing ISR in our NextJS application deployed on AWS Amplify. Currently, we are generating more than 22,000 static pages, which has increased our NextJS application build time to more than an hour. However, we are encountering an error message during the build process which states that the AWS token generated at build time has expired after one hour. The error message reads as follows: "ExpiredToken: The provided token has expired. at Request.extractError (/root/.//node_modules/@sls-next/s3-static-assets/node_modules/aws-sdk/lib/services/s3.js:711:35)". We are looking for a solution to either increase the time for the token or refresh the token to avoid the build failure. Alternatively, if there is any other way to implement this process, we would appreciate your guidance. I would appreciate it if you could please assist us in resolving this issue as soon as possible.

Thank you in advance for your assistance.

Topics
Developer ToolsFront-End Web & Mobile
Tags
AWS CodeBuildAWS CodePipelineAWS CodeCommitAWS CodeDeployAWS Amplify
Language
English
rePost-User-6890171
asked a year ago429 views
1 Answer
0

It seems that the problem you are facing is related to AWS credentials expiring during the build process. The AWS SDK that your NextJS application uses to communicate with AWS services requires valid AWS credentials to access AWS resources, such as S3 buckets.

The error message you provided suggests that the AWS access token that was generated at the start of the build process has expired. AWS access tokens are typically valid for a limited period of time, this period is usually set to 1 hour (3,600 seconds.) by default. After this period of time, the token becomes invalid and any AWS API calls made with that token will fail.

To solve this issue, you can either increase the length of time the token is valid or refresh the token before it expires. You can do this by updating the AWS IAM user policy to provide a longer lifetime for your IAM access token or by using AWS Cognito to generate temporary credentials that can be refreshed automatically. You can also consider using an AWS role that has the necessary permissions to access the required resources and using AWS Security Token Service (STS) to assume the role.

The steps to follow in case you want to follow the iam role approach look like the following:

• Create a new IAM policy that grants the necessary permissions to your NextJS application. • Create a new IAM role that can assume this policy. • Configure your NextJS application to assume this role using the AWS SDK. • Enable AWS STS to allow your NextJS application to generate temporary credentials that can be updated automatically. • Update your NextJS application to update AWS credentials before they expire. • I hope this helps! Let me know if you have any other questions or need additional guidance.

Here you can find an example of policy that provides access to an s3 bucket, you can adapt this policy to your particular scenario.

    "Version": "version number",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "sts:GetFederationToken",
            "Resource": "*",
            "Condition": {
                "NumericLessThan": {
                    "aws:TokenExpirationTime": {
                        "AWS:EpochTime": 432000
                    }
                }
            }
        }
    ]
}

You can adjust the AWS:EpochTime condition to set the maximum duration for your IAM access token. For example, if you want your IAM access token to last for 12 hours, set the AWS:EpochTime value to 432000 (12 hours in seconds).

You can find additional information using this resource and this other.

AWS
David C
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content