Description
Describe the bug
In my shared AWS config file, I configured it to trigger the SDK to use the StsAssumeRoleCredentials provider. I used the following settings in the config file:
[default]
role_arn = arn:aws:iam::111122223333:role/s3-listbuckets-only-role
duration_seconds = 900
role_session_name = test-temp-session
source_profile = main-profile
main-profile settings not shown, but it configures an SSO session set up to use IdC.
In code, with wire logging enabled, I create an S3 client: S3Client s3Client = S3Client.create();
I see the following response that lists the expiration time (<Expiration>):
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "HTTP/1.1 200 OK[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "x-amzn-RequestId: fda3def1-b162-46e8-91dc-d590bc9feed8[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "Content-Type: text/xml[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "Content-Length: 1477[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "Date: Fri, 01 Nov 2024 21:00:47 GMT[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <AssumeRoleResult>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <AssumedRoleUser>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <AssumedRoleId>AROATKON37RG6VSFDTY4F:test-temp-session</AssumedRoleId>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <Arn>arn:aws:sts::111122223333:assumed-role/s3-listbuckets-only-role/test-temp-session</Arn>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " </AssumedRoleUser>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <Credentials>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <AccessKeyId>xxx</AccessKeyId>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <SecretAccessKey>xxx</SecretAccessKey>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <SessionToken>xxx</SessionToken>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <Expiration>2024-11-01T22:00:48Z</Expiration>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " </Credentials>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " </AssumeRoleResult>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <ResponseMetadata>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <RequestId>fda3def1-b162-46e8-91dc-d590bc9feed8</RequestId>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " </ResponseMetadata>[\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "</AssumeRoleResponse>[\n]"
No matter what I set the duration_seconds value to, the expiration is always 1 hour (the default) after the initial call to STS.
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
The SDK should honor the duration_seconds provided in the config file. This setting is not listed as an exception in the SDK reference (https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html#assume-role-sdk-compat).
Current Behavior
The SDK ignored the duration_seconds provided in the config file and used the default value (3600 seconds).
Reproduction Steps
See earlier.
Possible Solution
No response
Additional Information/Context
No response
AWS Java SDK version used
2.29.5
JDK version used
17
Operating System and version
Mac - Sonoma 14.5
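
A way to check captured wire logs for sessions that outlive the configured duration_seconds, as an added example that is not part of the original report or of the SDK. The sample inputs are excerpted from the report above; the function names and the 60-second skew tolerance are assumptions.

```python
import configparser
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Sample inputs excerpted from the config and wire log shown in the report.
CONFIG = """
[default]
role_arn = arn:aws:iam::111122223333:role/s3-listbuckets-only-role
duration_seconds = 900
source_profile = main-profile
"""
WIRE_LOG = r'''
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << "Date: Fri, 01 Nov 2024 21:00:47 GMT[\r][\n]"
2024-11-01 17:00:48 [main] DEBUG org.apache.http.wire:73 - http-outgoing-1 << " <Expiration>2024-11-01T22:00:48Z</Expiration>[\n]"
'''

def requested_duration(config_text, profile="default"):
    """duration_seconds the profile asks for, or None if the key is absent."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    value = cp.get(profile, "duration_seconds", fallback=None)
    return int(value) if value is not None else None

def granted_lifetime(wire_log):
    """Seconds between the response Date header and <Expiration>."""
    # Unwrap each wire line: keep the quoted payload, drop the [\r][\n] markers.
    payload = "\n".join(
        re.sub(r"\[\\[rn]\]", "", m.group(1))
        for m in re.finditer(r'<< "(.*)"\s*$', wire_log, re.MULTILINE)
    )
    date = re.search(r"^Date: (.+)$", payload, re.MULTILINE)
    exp = re.search(r"<Expiration>([^<]+)</Expiration>", payload)
    if not date or not exp:
        raise ValueError("wire log has no Date header or <Expiration> element")
    issued = parsedate_to_datetime(date.group(1))
    expires = datetime.fromisoformat(exp.group(1).replace("Z", "+00:00"))
    return int((expires - issued).total_seconds())

def check(config_text, wire_log, skew=60):
    """Return (requested, granted, ok); ok is False when STS granted more."""
    requested = requested_duration(config_text)
    granted = granted_lifetime(wire_log)
    ok = requested is None or granted <= requested + skew
    return requested, granted, ok

if __name__ == "__main__":
    print(check(CONFIG, WIRE_LOG))
```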