Skip to content

What is default time to refresh the temporary credentials using AssumeRoleWithWebIdentityCredentials.FromEnvironmentVariables() method #2609

Answered by ashishdhingra
anjanasagathiya asked this question in Q&A
What is default time to refresh the temporary credentials using AssumeRoleWithWebIdentityCredentials.FromEnvironmentVariables() method #2609
@anjanasagathiya anjanasagathiya
May 19, 2023 · 2 comments
Answered by ashishdhingra Return to top
Discussion options

anjanasagathiya
May 19, 2023

You must be logged in to vote
Answered by ashishdhingra May 23, 2023

@anjanasagathiya The expiration time for WebIdentityTokenFile is configured in the OIDC provider. These are normally configured in the assumed IAM role session duration (refer here).

AssumeRoleWithWebIdentityCredentials sets the PreemptExpiryTime to a constant value PREEMPT_EXPIRY_MINUTES having values as 5 minutes, which is The time before actual expiration to expire the credentials.. So while fetching the credentials, if these are determined expired based on the PreemptExpiryTime, the new credentials are generated. If the credentials are already expired before being retrieved from the calling method, exception is thrown here.

Thanks,
Ashish

@bot propose-answer

View full answer

Replies: 2 comments

Comment options

ashishdhingra
May 23, 2023
Maintainer

You must be logged in to vote
0 replies
Answer selected by ashishdhingra
Comment options

github-actions[bot]
bot Dec 1, 2023

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. credentials
2 participants
@anjanasagathiya @ashishdhingra