Thursday, February 9, 2017

Amazon SDK - Temporary Credentials and AssumeRoleRequest


I am using version 1.11.79 of the Amazon Java SDK. I have a job that creates a snapshot of all my server volumes. With sleeps etc. (to satisfy Amazon SDK guidelines), this has started to take over an hour.

I use the following code to construct my AmazonEC2Client using temporary credentials

    AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
            .withRoleArn(roleARN)
            .withExternalId(externalId)
            .withDurationSeconds(3600)
            .withRoleSessionName(roleSessionName);

    AssumeRoleResult assumeResult = amazonSecurityTokenServiceClient.assumeRole(assumeRequest);
    Credentials credentials = assumeResult.getCredentials();

    temporaryCredentials = new BasicSessionCredentials(
            credentials.getAccessKeyId(),
            credentials.getSecretAccessKey(),
            credentials.getSessionToken());

    CustomAmazonCredentialsProviderVO customAmazonCredentialsProviderVO = new CustomAmazonCredentialsProviderVO();
    customAmazonCredentialsProviderVO.setCredentials(temporaryCredentials);
    LOG.debug("customAmazonCredentialsProviderVO:{}", customAmazonCredentialsProviderVO);

    amazonEC2Client = new AmazonEC2Client(customAmazonCredentialsProviderVO, amazonClientConfiguration);

The problem is with the AssumeRoleRequest and the withDurationSeconds method: the max you can set it to is 3600 seconds (1 hour).

I need to be able to set this to, say, 2 or 3 hours.

Does anyone know if there is another way to create temporary credentials that will last more than 1 hour?

Thanks Damien

1 Answer

You can make use of GetSessionToken, which accepts the DurationSeconds value as high as 129600 provided you are an IAM user.

From the docs:

Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours)
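
The GetSessionToken call described in this answer, sketched against the 1.x Java SDK as an added example (not code from the original question or answer). The class name `LongSessionExample` is hypothetical, and it assumes the default credentials provider chain resolves to an IAM user's long-term keys and that a region is configured.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;

public class LongSessionExample {
    // Limits quoted from the docs above for credentials created by IAM users.
    static final int MIN_SECONDS = 900;     // 15 minutes
    static final int MAX_SECONDS = 129600;  // 36 hours

    /** Requests session credentials for the calling IAM user, valid for durationSeconds. */
    static BasicSessionCredentials sessionCredentials(AWSSecurityTokenService sts, int durationSeconds) {
        // Fail early with a clear message instead of waiting for STS to reject the request.
        if (durationSeconds < MIN_SECONDS || durationSeconds > MAX_SECONDS) {
            throw new IllegalArgumentException(
                    "DurationSeconds must be between " + MIN_SECONDS + " and " + MAX_SECONDS);
        }
        GetSessionTokenRequest request = new GetSessionTokenRequest().withDurationSeconds(durationSeconds);
        Credentials c = sts.getSessionToken(request).getCredentials();
        // Log only the expiry; the access key, secret key and session token stay out of logs.
        System.out.println("Session credentials expire at " + c.getExpiration());
        return new BasicSessionCredentials(c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
    }

    public static void main(String[] args) {
        // Assumption: default provider chain = IAM user's long-term keys, region configured.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.defaultClient();
        BasicSessionCredentials creds = sessionCredentials(sts, 3 * 3600); // 3 hours

        AmazonEC2 ec2 = AmazonEC2ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(creds))
                .build();
        // The client acts as the IAM user for the lifetime of the session.
        System.out.println("Volumes visible: " + ec2.describeVolumes().getVolumes().size());
    }
}
```

Credentials returned by GetSessionToken carry the calling IAM user's own permissions, not those of the role and external ID used in the question's AssumeRoleRequest, so the user must be allowed to perform the EC2 calls directly.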
