- Newest
- Most votes
- Most comments
You will need to periodically refresh the credentials obtained from the metadata endpoint because as you mentioned, they have an expiration timestamp. You can do this by setting up a scheduled task or a cron job to fetch the new credentials from the metadata endpoint before they expire. To extend the credentials' life, you can increase the session duration when you assume the task role using AWS Security Token Service (STS). When you assume a role, you can specify the duration of the role session, up to a maximum of 12 hours. The default session duration is one hour.
From here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.
Relevant content
- Accepted Answerasked 2 years ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Note that AWS-supplied SDKs will poll the Instance Metadata Service for you - so this answer does depend on the libraries you're using.
@Brettski-AWS that's excellent info
but unfortunately for me this is an Elixir app so I won't get that benefit for free.Scratch what I said above. As you say, ex_aws will take care of this.