defaultProvider does not respect duration_seconds configuration #4589
Description
Checkboxes for prior research
- I've gone through Developer Guide and API reference
- I've checked AWS Forums and StackOverflow.
- I've searched for previous similar issues and didn't find any solution.
Describe the bug
When using the default credential provider with AWS_PROFILE set to an entry in ~/.aws/config that has a role_arn and duration_seconds the resulting credentials expire after the default 3600 seconds instead of the value of duration_seconds.
SDK version number
@aws-sdk/credential-provider-ini@3.299.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v18.7.0
Reproduction Steps
/**
* AWS_PROFILE=sample
*
* ~/.aws/credentials:
* [sample-user]
* aws_access_key_id = ...
* aws_secret_access_key = ...
*
* ~/.aws/config:
* [profile sample]
* region = us-west-1
* output = json
* role_arn = arn:aws:iam::123456789123:role/SampleRole
* duration_seconds = 900
* source_profile = sample-user
*
*/
import { decorateDefaultCredentialProvider } from '@aws-sdk/client-sts'
import { defaultProvider } from '@aws-sdk/credential-provider-node'
const provider = decorateDefaultCredentialProvider(defaultProvider)({})
const now = Date.now()
provider()
.then((credentials) => console.log(((credentials.expiration?.valueOf() ?? now) - now) / 1_000))
.catch((err) => console.error(err))Observed Behavior
3601.099
Expected Behavior
900.047
Possible Solution
resolveAssumeRoleCredentials is currently:
const params: AssumeRoleParams = {
RoleArn: data.role_arn!,
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
ExternalId: data.external_id,
};the fix would be:
const params: AssumeRoleParams = {
RoleArn: data.role_arn!,
RoleSessionName: data.role_session_name || `aws-sdk-js-${Date.now()}`,
ExternalId: data.external_id,
DurationSeconds: data.duration_seconds,
};