Usage with SSO / Identity Center breaks caching #8

Open
@hreeder

I've observed that when using Identity Center, the access key for a given session is new each time - meaning we have a unique hash key each time I run my script.

I broke out the client into my project to inject the access key into my logs to verify this.

```
INFO:botocore.tokens:Loading cached SSO token for my-sso-session
INFO:cache_client:API Call Logger: Access Key - ASIA.............3HS, Region - eu-west-1, Service - sso-admin, Action - DescribeInstance, API Params - {'InstanceArn': 'arn:aws:sso:::instance/ssoins-abc123'}
INFO:botocore.tokens:Loading cached SSO token for my-sso-session
INFO:cache_client:API Call Logger: Access Key - ASIA.............OF7, Region - eu-west-1, Service - sso-admin, Action - DescribeInstance, API Params - {'InstanceArn': 'arn:aws:sso:::instance/ssoins-abc123'}
```

I can also confirm that constructing the cache key using the following makes caching work in this scenario too:

```python
# Needed at module level for the sorted parameter dictionary below
from collections import OrderedDict

cache_key = "{service}_{action}_{region}_{api_params}".format(
    # Service for identifying which service is being queried
    service=self._service_model.service_name,
    # Action of the service
    action=operation_name,
    # Region where the call is being made
    region=self.meta.region_name,
    # API parameters. This takes care of pagination token, marker and other params.
    # The API params dictionary is sorted before hashing
    api_params=str(OrderedDict(sorted(api_params.items()))),
)
```

I'm going to take a look and see if there's something more suitable to use - at least if we can detect that we're running under an SSO session.
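Added example, not part of the original issue or the project's code: a cache key that replaces the rotating access key with a stable principal scope, so responses are still not shared between different accounts or roles. The function names are hypothetical, and it assumes the active profile's settings are available as a dict containing the standard `sso_account_id` and `sso_role_name` config keys; all sample values are constructed.

```python
import hashlib
import json


def principal_scope(profile_config, access_key):
    """Return a stable identifier for the calling principal.

    profile_config: dict of the active profile's settings (assumption: read
    from the shared AWS config file by the caller).
    """
    account = profile_config.get("sso_account_id")
    role = profile_config.get("sso_role_name")
    if account and role:
        # SSO profile: the ASIA... key changes per run, account + role do not.
        return f"sso:{account}:{role}"
    # Non-SSO credentials: keep scoping by access key as before.
    return f"key:{access_key}"


def cache_key(scope, service, action, region, api_params):
    """Hash the principal scope together with the call being cached."""
    material = json.dumps(
        [scope, service, action, region, api_params],
        sort_keys=True,  # parameter order must not change the key
        default=str,
    )
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


# Constructed sample data (not taken from the issue's logs).
SSO_READONLY = {"sso_account_id": "111122223333", "sso_role_name": "ReadOnly"}
SSO_ADMIN = {"sso_account_id": "111122223333", "sso_role_name": "Admin"}
PARAMS = {"InstanceArn": "arn:aws:sso:::instance/ssoins-example"}


def key_for(profile, access_key):
    scope = principal_scope(profile, access_key)
    return cache_key(scope, "sso-admin", "DescribeInstance", "eu-west-1", PARAMS)


if __name__ == "__main__":
    run1 = key_for(SSO_READONLY, "ASIAEXAMPLEKEYRUN0001")
    run2 = key_for(SSO_READONLY, "ASIAEXAMPLEKEYRUN0002")
    print("same role, new access key -> cache hit:", run1 == run2)
    print("different role -> separate entry:",
          run1 != key_for(SSO_ADMIN, "ASIAEXAMPLEKEYRUN0003"))
```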
