Thanks for your answer!
We've already tried pushing up the AWS SSO session length, but it's not that which gets hit and forces another login, it's the much shorter initial token lifespan. When using the AWS CLI, it will continue to use the refresh token to go and get new valid session tokens as you use it. It appears that the CDK lib doesn't do this, and instead once that initial, short-lived token expires, that's it, session over, go through the process again.
We could wrap our calls in something like that, except the problem is that the aws sso login call isn't something that can happen silently in the background, it opens a webpage to ask for permission to grant permissions.
Thanks though :)
There isn't a definitive solution to this issue. However, there are a few potential workarounds that you could consider.
Here are two possible solutions:
- Increase the session duration: If you have control over the AWS SSO settings, you might consider increasing the session duration to the maximum allowed value. This should decrease the frequency at which your team has to re-login. However, it's worth noting that this is more of a band-aid solution than a proper fix.
- Use AWS CLI v2's auto-refresh capability with a helper script: AWS CLI v2 has the ability to automatically refresh SSO tokens when necessary, so you might consider using a wrapper script around the cdk commands that you're using which can ensure that the necessary tokens are refreshed before they're used.
You could create a simple bash script as follows:
```bash
#!/bin/bash
# Refresh SSO credentials
aws sso login
# Call original CDK command
cdk "$@"
```
This will ensure that each time you run your cdk commands via this script, it will refresh your SSO login.
Remember to replace "region" and "sso_account_id" with your specific values, and you'll need to mark this script as executable with chmod +x.
I know this is not the perfect solution, but until AWS resolves this issue, I hope this could help in mitigating the frequent login requirement.
Please note that these solutions are just workarounds, and the best long-term solution would be for AWS CDK to handle AWS SSO credentials properly. Keep an eye on the AWS CDK GitHub issue that you mentioned for updates from the AWS team.
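
A variant of the wrapper above that runs aws sso login only when the profile's credentials no longer work, so the browser prompt appears only when it is needed. This is an added example, not code from the answer or from AWS; the function names and the use of aws sts get-caller-identity as the validity check are assumptions.

```shell
#!/bin/bash
# Hypothetical wrapper: save as cdk-sso, chmod +x, then run e.g. ./cdk-sso deploy
# Assumes AWS_PROFILE names an SSO profile configured for AWS CLI v2.
PROFILE="${AWS_PROFILE:-default}"

# Returns 0 when the CLI can obtain working credentials for the profile.
# Assumption: a successful STS call is a good enough validity check.
sso_session_valid() {
    aws sts get-caller-identity --profile "$PROFILE" >/dev/null 2>&1
}

# Start the interactive browser login only when the check above fails,
# then check again so a cancelled login is not treated as success.
ensure_sso_session() {
    sso_session_valid && return 0
    echo "No valid SSO session for profile '$PROFILE'; running aws sso login" >&2
    aws sso login --profile "$PROFILE" || return 1
    sso_session_valid
}

# Run cdk with the original arguments and pass its exit status through.
run_cdk() {
    if ! ensure_sso_session; then
        echo "SSO login failed; not running cdk" >&2
        return 1
    fi
    AWS_PROFILE="$PROFILE" cdk "$@"
}

# Only act when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    run_cdk "$@"
fi
```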