 

Amazon SDK - Temporary Credentials and AssumeRoleRequest

I am using version 1.11.79 of the Amazon Java SDK. I have a job that creates a snapshot of all my server volumes. With sleeps etc. (to satisfy Amazon SDK guidelines), this has started to take over an hour.

I use the following code to construct my AmazonEC2Client using temporary credentials

    AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(roleARN).withExternalId(externalId).withDurationSeconds(3600)
        .withRoleSessionName(roleSessionName);

    AssumeRoleResult assumeResult = amazonSecurityTokenServiceClient.assumeRole(assumeRequest);
    Credentials credentials = assumeResult.getCredentials();

    temporaryCredentials = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());

    CustomAmazonCredentialsProviderVO customAmazonCredentialsProviderVO = new CustomAmazonCredentialsProviderVO();
    customAmazonCredentialsProviderVO.setCredentials(temporaryCredentials);
    LOG.debug("customAmazonCredentialsProviderVO:{}", customAmazonCredentialsProviderVO);

    amazonEC2Client = new AmazonEC2Client(customAmazonCredentialsProviderVO, amazonClientConfiguration);

The problem is with the AssumeRoleRequest and the withDurationSeconds method: the max you can set it to is 3600 seconds (1 hour).

I need to be able to set this to, say, 2 or 3 hours.

Does anyone know if there is another way to create temporary credentials that will last more than 1 hour?

Thanks Damien

Damien asked Jan 30 '17 19:01


1 Answer

You can make use of GetSessionToken, which accepts the DurationSeconds value as high as 129600 provided you are an IAM user.

From the docs:

Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours)

franklinsijo answered Oct 06 '22 10:10
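
An added example (not part of the original question or answer) of the GetSessionToken call the answer describes, using the AWS SDK for Java 1.11.x. It assumes the default credential chain resolves to an IAM user's long-term keys and that a default region is configured; the class and method names are hypothetical. Unlike AssumeRole, the returned session carries that IAM user's own permissions, so the role ARN and external ID from the question play no part in it.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;

public class LongSessionEc2Client {
    // Limits quoted in the answer for sessions created by IAM users.
    static final int MIN_SECONDS = 900;     // 15 minutes
    static final int MAX_SECONDS = 129600;  // 36 hours

    // Reject out-of-range values locally instead of waiting for STS to refuse them.
    static int checkedDuration(int seconds) {
        if (seconds < MIN_SECONDS || seconds > MAX_SECONDS) {
            throw new IllegalArgumentException("DurationSeconds must be between "
                    + MIN_SECONDS + " and " + MAX_SECONDS + ", got " + seconds);
        }
        return seconds;
    }

    // Request a session of the given length and build an EC2 client from it.
    static AmazonEC2 ec2ForSession(AWSSecurityTokenService sts, int seconds) {
        GetSessionTokenRequest request = new GetSessionTokenRequest()
                .withDurationSeconds(checkedDuration(seconds));
        Credentials c = sts.getSessionToken(request).getCredentials();
        BasicSessionCredentials session = new BasicSessionCredentials(
                c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
        // Log the expiry only; the key, secret and token stay out of the logs.
        System.out.println("Session expires at " + c.getExpiration());
        return AmazonEC2ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(session))
                .build();
    }

    public static void main(String[] args) {
        // Assumption: this client signs with an IAM user's long-term keys.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard().build();
        // Three hours covers the job in the question; ask for no more than the job needs.
        AmazonEC2 ec2 = ec2ForSession(sts, 3 * 60 * 60);
        System.out.println(ec2.describeVolumes().getVolumes().size() + " volumes visible");
    }
}
```

Session credentials cannot be revoked individually once issued, so the requested duration is the exposure window if they leak.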