You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Title: AWS Credentials cache should be configurable and flexible instead of hard coded to 1 hour
Description:
Describe the desired behavior, what scenario it enables and how it
would be used.
AWS access id, secret key, and session tokens read from AWS credential file are cached for 1 hour. This can result in stale credentials due to caching happening before session tokens are refreshed, or when an invalid token is cached.
The desired behavior is split into two parts:
Allow users to configure the caching TTL time
If the AWS credential file has been modified, clear the cache and read the keys/tokens from the updated file
Behaviour #1 allows us to shorten/extend the cache TTL to match the timeframe our tokens are valid for
Behaviour #2 allows us to update credential file adhoc and have those credentials be used by EnvoyProxy without needing to restart the application or wait for the cache TTL
[optional Relevant Links:]
Any extra documentation required to understand the issue.
Title: AWS Credentials cache should be configurable and flexible instead of hard coded to 1 hour
Description:
AWS access id, secret key, and session tokens read from AWS credential file are cached for 1 hour. This can result in stale credentials due to caching happening before session tokens are refreshed, or when an invalid token is cached.
The desired behavior is split into two parts:
Behaviour #1 allows us to shorten/extend the cache TTL to match the timeframe our tokens are valid for
Behaviour #2 allows us to update credential file adhoc and have those credentials be used by EnvoyProxy without needing to restart the application or wait for the cache TTL
[optional Relevant Links:]
Code where TTL is hardcoded
The text was updated successfully, but these errors were encountered: