Previously, aws-vault login <profile> would request the MFA token once, and subsequent calls within a reasonable time period would not need it. Now (v3.5.0-31-g0acf41f) it requests them every time.
I'm guessing this is a side-effect of #92 so it's perhaps a good trade-off for getting longer AWS console sessions. Figured I'd open an issue in case it's considered a regression or something that can/should be fixed.
```
$ aws-vault --debug login --stdout PROFILE
2016/09/28 11:38:00 Parsing config file /Users/pda/.aws/config
2016/09/28 11:38:00 Looking up keyring for redacted
2016/09/28 11:38:00 Opening keychain /Users/pda/Library/Keychains/aws-vault.keychain
Enter token for arn:aws:iam::redacted:mfa/redacted: redacted
2016/09/28 11:38:09 Assuming role arn:aws:iam::redacted:role/redacted with iam credentials
2016/09/28 11:38:10 Using role ****************redacted, expires in 14m59.605818512s
2016/09/28 11:38:10 Creating federation login token, expires in 12h0m0s
https://signin.aws.amazon.com/federation?Action=login&Issuer=aws-vault&Destination=redacted...
```
After some thought, I think it is a regression and we should keep the default behaviour like it was. We can add a --no-session like exec has to get the new behaviour. Thoughts?
Maybe use an existing session if found, as long as the requested expiry is inside the limit for session tokens. But use the original IAM credentials if the user has requested a longer time that necessitates using them, or if there's no token found.