-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom session duration #58
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sunker
force-pushed
the
custom-session-duration
branch
from
June 22, 2022 11:52
854241b
to
649b0cc
Compare
andresmgot
approved these changes
Jun 23, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a couple of minor comments
pkg/awsds/sessions.go
Outdated
@@ -46,7 +47,11 @@ const AllowedAuthProvidersEnvVarKeyName = "AWS_AUTH_AllowedAuthProviders" | |||
// AssumeRoleEnabledEnvVarKeyName is the string literal for the aws assume role enabled environment variable key name | |||
const AssumeRoleEnabledEnvVarKeyName = "AWS_AUTH_AssumeRoleEnabled" | |||
|
|||
// SessionDurationEnvVarKeyName is the string literal for the session duration variable key name | |||
const SessionDurationEnvVarKeyName = "AWS_SESSION_DURATION" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
to keep the naming consistent I would define this as AWS_AUTH_SessionDuration
Co-authored-by: Andres Martinez Gotor <andres.mgotor@gmail.com>
This was referenced Jan 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A customer has reported that they're getting SignatureDoesNotMatch errors while running multiple CloudWatch logs queries in parallel. They're using
AWS SDK Default
auth and they're assuming a role. We have not been able to repro this issue, but the theory is that the logs query is started using temporary STS credentials that lasts for 15 minutes. The query then runs for more than 15 minutes, so once it's completed different credentials are being used compared to when the query started.Once this is released, the customer will be able to test this by setting the new environment variable
AWS_SESSION_DURATION
to a duration longer than the default value (currently 15 minutes in STS).This PR is still in draft mode because we're waiting for approval from the customer to help us test this in future 9.0 patch release.The customer has confirmed that they're willing to help us test this. https://github.com/grafana/support-escalations/issues/2642