Description
Describe your idea/feature/enhancement
AWS-vault is almost essential when developing daily with AWS SAM (especially sam sync) with MFA set up (best practice of course). You use it like:
aws-vault exec some-profile -- sam sync --watch --stack-name some-stack --region eu-west-1 --parameter-overrides EnvType=dev
This means that it can assume a role using your credentials without MFA over the next say 8 hours - so you don't have to use your MFA device every hour! That was life-changing.. ;-)
However.. the temp credentials expire every hour.. (you don't need your MFA device which is a huge improvement..) but it still leads to having to escape the 'sam sync' in the terminal once per hour.. and re-run the aws-vault exec.... command. So on an 8-12 hour day.. that's about 8 - 12 annoyances.. and at least 30 mins lost time!
Proposal
Please can AWS SAM be aware of the temp credentials' expiry time, and either:
- Check credentials expiry time and refresh 2 mins before they expire
- Set an override to auto-refresh every say 58 mins (hard-coded/passed value) - so it's good to go when you sync a change via sam sync
- Or on credentials failure then auto-refresh
The actual error thrown on credentials expiry, in case it's useful, is:
Code sync encountered an error.
Traceback (most recent call last):
  File "samcli/lib/sync/sync_flow_executor.py", line 335, in _sync_flow_execute_wrapper
  File "samcli/lib/sync/sync_flow.py", line 312, in execute
  File "samcli/lib/sync/flows/zip_function_sync_flow.py", line 107, in compare_remote
  File "botocore/client.py", line 401, in _api_call
  File "botocore/client.py", line 731, in _make_api_call
botocore.exceptions.ClientError: An error occurred (ExpiredTokenException) when calling the GetFunction operation: The security token included in the request is expired
Thank you! :-)
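A sketch of the refresh behaviour proposed above, added here as an illustration; it is not code from this issue or from the SAM CLI. `fetch` is a hypothetical callable that returns fresh temporary credentials (however the surrounding tooling obtains them), and `ExpiredToken` stands in for botocore's `ClientError` carrying the `ExpiredTokenException` code.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

REFRESH_MARGIN = 120  # seconds: the "2 mins before they expire" option


class ExpiredToken(Exception):
    """Stand-in (assumption) for a ClientError with code ExpiredTokenException."""


@dataclass
class Credentials:
    access_key: str
    secret_key: str = field(repr=False)  # keep secrets out of logs and tracebacks
    token: str = field(repr=False)
    expires_at: float = 0.0              # epoch seconds


class RefreshingCredentials:
    """Caches temporary credentials and renews them before or on expiry."""

    def __init__(self, fetch: Callable[[], Credentials],
                 clock: Callable[[], float] = time.time,
                 margin: float = REFRESH_MARGIN):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._current: Optional[Credentials] = None
        self.refresh_count = 0

    def refresh(self) -> Credentials:
        self._current = self._fetch()
        self.refresh_count += 1
        return self._current

    def get(self) -> Credentials:
        # Proactive path: renew once the remaining lifetime is inside the margin.
        cur = self._current
        if cur is None or cur.expires_at - self._clock() <= self._margin:
            cur = self.refresh()
        return cur

    def call(self, api: Callable[[Credentials], object]):
        # Reactive path: on an expired token, force one refresh and retry once.
        # A second failure propagates, so a broken credential source cannot loop.
        try:
            return api(self.get())
        except ExpiredToken:
            return api(self.refresh())
```
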