By using AWS re:Post, you agree to the Terms of Use
/How do I change the expiration time of credential information retrieved from the Cognito ID Pool?/

How do I change the expiration time of credential information retrieved from the Cognito ID Pool?


We are using aws-sdk to get temporary credential information from the Cognito ID pool in order to send requests from our front-end web application to the API Gateway that has been configured for authorization by the IAM authorizer. The credential information expiration time is 1 hour by default, is there any way to change the expiration time?

const client = new CognitoIdentityClient({ region: process.env.VUE_APP_AWS_REGION });

const getIdCommandInput = {
  AccountId: process.env.VUE_APP_AWS_ACCOUNT_ID,
  IdentityPoolId: process.env.VUE_APP_COGNITO_AUTH_IDENTITY_POOL_ID,
  Logins: {}
const userPool = `cognito-idp.${process.env.VUE_APP_AWS_REGION}${process.env.VUE_APP_COGNITO_AUTH_USER_POOL_ID}`;
getIdCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getIdCommand = new GetIdCommand(getIdCommandInput);

const identityIdResponse = await client.send(getIdCommand);

const getCredentialsForIdentityCommandInput = {
  IdentityId: identityIdResponse.IdentityId,
  Logins: {}
getCredentialsForIdentityCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getCredentialsForIdentityCommand = new GetCredentialsForIdentityCommand(getCredentialsForIdentityCommandInput);

const credentialsResponse = await client.send(getCredentialsForIdentityCommand);

When the credential information is retrieved with the above code, the Expiration property contains the date and time one hour later.

I tried the following, but there was no change in the 1-hour expiration.

(1) Change the "maximum session time" of IAM roles set to "authenticated roles" in the Cognito identity pool to 2 hours.

(2) Change the "Maximum session time" of IAM roles set to groups in the Cognito user pool to 2 hours.

1 Answers


As of August 12,2020, AWS has announced that user pools now supports customization of token expiration.

Here are the steps to follow:

Open your AWS Cognito console.
Go to General Settings.
Scroll down to App clients and click edit.
Click on Show Details button to see the customization options

Keep in mind, access token expiration must be between 5 minutes and 1 day. Cannot be greater than refresh token expiration.

For additional information about using the ID tokens, please refer to this AWS Documentation.

I hope this helps.

answered 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions