-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EC2CredentialsFetcher refreshes credentials too eagerly #1893
Comments
Sounds like a reasonable proposal, and easy to fix. +1 to making it 5 minutes (to match the other SDKs) and making it configurable. |
Under load synchronization on fetchCredentials method caused significant performance degradation aws-sdk-java/aws-java-sdk-core/src/main/java/com/amazonaws/auth/EC2CredentialsFetcher.java Line 111 in 6097d36
|
I am also observing a significant performance degradation as a result of this synchronized fetchCredentials() function. Can you remove the synchronized in addition to the 5 minute reduction? |
Unfortunately we're concentrating our development effort on 2.x of the SDK (based on customer feedback), and aren't planning to make many changes in 1.11.x at this time. If this is still an issue in 2.x of the SDK, please open an issue there and we'll investigate. |
In this SDK, EC2 Instance Profile credentials are refreshed if they are within 15 minutes of expiration, as seen here:
https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-core/src/main/java/com/amazonaws/auth/EC2CredentialsFetcher.java#L43-L53
I believe this is an issue for a couple reasons:
I think this 15 minute window should be dropped to 5 minutes to match the other libraries and enable conservative token policies.
The text was updated successfully, but these errors were encountered: