--duration non-operational #7

Open
upenn-hughmac opened this issue Sep 5, 2024 · 0 comments

While I can adjust the AWS Maximum session duration for a Role, and "see" it (so it can be > 3600s default), using the --duration option to set at less than the max is inoperable.

Validation steps:

$ aws-federated-auth --list --account 432399220289
Username: hughmac
...
wharton-research-programming-2-AdministratorAccess                       43200 432399220289   AdministratorAccess
wharton-research-programming-2-research-it-q-role                         3600 432399220289   research-it-q-role
$ aws-federated-auth --account 432399220289 --duration 900
...
PROFILE NAME                                                      MAX DURATION ACCOUNT NUMBER ROLE NAME
wharton-research-programming-2-AdministratorAccess                       43200 432399220289   AdministratorAccess
wharton-research-programming-2-research-it-q-role                         3600 432399220289   research-it-q-role

Then something like:

$ export AWS_PROFILE='wharton-research-programming-2-AdministratorAccess'
$ while aws s3 ls | grep zappa>/dev/null 2>&1; do echo "$(date +%H:%M:%S) :: OK"; done; echo "$(date +%H:%M:%S) :: EXPIRED"

... doesn't expire until max, instead of the desired 900s.

With --logging=debug I only see:

{"time":"2024-09-05 07:50:31","name":"shib.awsshib","level":"   DEBUG","message":"Attempting to query max duration"}

... no errors, etc.

Let me know if I'm missing something, etc.
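
The behaviour this report expects, sketched as an added example that is not part of the original issue or the aws-federated-auth code base: pick the `DurationSeconds` to request from `--duration` and the role's maximum, then compare the `Expiration` on the returned credentials against it instead of polling until the session dies. All function names are hypothetical, falling back to the role maximum when `--duration` is omitted is an assumption, and the sample credentials are constructed from the numbers in the report.

```python
from datetime import datetime, timedelta, timezone

STS_MIN_DURATION = 900  # STS rejects DurationSeconds below 15 minutes


def effective_duration(requested, role_max):
    """Return the DurationSeconds to send for a role.

    requested: value of --duration, or None when the option was not given.
    role_max:  the role's maximum session duration (the MAX DURATION column).
    """
    if requested is None:
        return role_max  # assumption: default to the role maximum
    if requested < STS_MIN_DURATION:
        raise ValueError(f"--duration must be at least {STS_MIN_DURATION}s")
    return min(requested, role_max)


def granted_lifetime(credentials, issued_at):
    """Seconds between issue time and the credentials' Expiration."""
    return int((credentials["Expiration"] - issued_at).total_seconds())


def honours_request(credentials, issued_at, requested, role_max, slack=60):
    """True if the issued lifetime is within `slack` seconds of the expected one."""
    expected = effective_duration(requested, role_max)
    return abs(granted_lifetime(credentials, issued_at) - expected) <= slack


# Constructed sample data: only the Expiration field of an STS Credentials
# element is modelled, using the 43200s maximum and 900s request from the report.
ISSUED = datetime(2024, 9, 5, 7, 50, 31, tzinfo=timezone.utc)
REPORTED = {"Expiration": ISSUED + timedelta(seconds=43200)}  # symptom described
DESIRED = {"Expiration": ISSUED + timedelta(seconds=900)}     # what was asked for

if __name__ == "__main__":
    for label, creds in (("reported", REPORTED), ("desired", DESIRED)):
        ok = honours_request(creds, ISSUED, requested=900, role_max=43200)
        print(f"{label}: lifetime={granted_lifetime(creds, ISSUED)}s honoured={ok}")
```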
