Tokens expire after an hour

[e1ven]

My understanding is that the session tokens last for 12 hours, but the assumerole credentials that come back only last for an hour.

Are you re-running this every hour? What do you do for processes which need more than hour to complete? For some apps I've re-written them to handle their own tokens, but how do you handle this on your team?

[brainstorm]

Interesting, which processes are you running yourself that (from the client) require more than an hour to complete when interacting with AWS?

[e1ven]

Mostly analytics.
It turns out to be fortuitous timing. Roles can now be up to 12 hours.
https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/

[brainstorm]

Awesome, thanks a lot for the reference! Just right now one of my colleagues ran into this issue and the terraform state got truncated :-!

[brainstorm]

AFAICT with PR #21 merged in this can be closed?

Also @grahamjenson, PR #20 apparently broke the bats testing suite since it was not merged in before release?:

$ bats test/assume-role.bats
 ✗ should work
   (in test file test/assume-role.bats, line 72)
     `[ "${lines[6]}" = 'export AWS_ACCOUNT_ID="123456789012";' ]' failed

/cc @reisingerf

[grahamjenson]

You can specify AWS_ROLE_SESSION_TIMEOUT for increasing timeout, default remains an hour.

I usually run this every hour. A bit annoying but not too bad.

Also, tests are now passing and CircleCI is setup, so no more PRs can break tests.