Automatically refreshing credentials with STS AssumeRole
for API Gateway request signing
#1177
Unanswered
avandesa-fw
asked this question in
Q&A
Replies: 1 comment
-
Thanks for posting! Normally, you'd reach out something like AssumeRoleProvider, create an instance of it, and pass it to the credentials_provider method on Do you use |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello! We have a somewhat odd use case and I'm looking into ways to leverage the SDK to make our lives easier.
Currently, we're calling
AssumeRole
to get temporary credentials, then using those to manually sign HTTP requests withaws_sigv4
to authenticate against an AWS API Gateway. This works great so far! However, we need some way to refresh those credentials since they only last a couple hours.Our tentative plan is to keep the credentials behind a lock of some sort, then re-fetch them when requests start failing with
403 Forbidden
errors. However, this synchronization is going to be tough to get right. I was wondering if there's any existing tools in the SDK or smithy to make this process easier.One possibility I see is giving an SDK client a
ProvideCredentials
impl that internally callsAssumeRole
, then getting theSharedHttpClient
and using that to perform requests, but it's not immediately clear to me ifProvideCredentials::provide_credentials
when the creds expireSharedHttpClient
orSharedHttpConnector
would have access to those creds, orAgain, we can do the synchronization ourselves, but I want to make sure I'm not missing some other SDK feature that would make this easier. Thanks!
Beta Was this translation helpful? Give feedback.
All reactions