AWS SDK STS doesn't autorefresh cross account s3 token #5556

Open
kalyc opened this issue Sep 4, 2024 · 0 comments
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

kalyc commented Sep 4, 2024

Describe the bug

Hi, I am facing a similar issue. I have used StsAssumeRoleCredentialsProvider on a cross-account role, but the access token doesn't appear to be auto-refreshing. This is trying to access a cross-account S3 bucket.

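    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.sts.StsClient;
    import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
    import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

    // STS client used to call AssumeRole (built with the caller's own credentials)
    StsClient stsClient = StsClient.builder().region(Region.of(jobProperties.getAwsRegion())).build();

    // Request for a one-hour session on the cross-account role
    AssumeRoleRequest assumeRoleRequest = AssumeRoleRequest.builder()
            .roleArn(ROLE_ARN)
            .roleSessionName("name")
            .durationSeconds(3600)
            .build();

    // Provider that re-issues the request above when it refreshes credentials
    StsAssumeRoleCredentialsProvider provider = StsAssumeRoleCredentialsProvider.builder()
            .stsClient(stsClient)
            .refreshRequest(assumeRoleRequest)
            .build();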

Expected Behavior

Expect that the token is auto-refreshed and the requests to S3 are successful.

Current Behavior

Getting a 403 Forbidden error message. Have confirmed that the permissions on the bucket and role are consistent and as I expect.

Reproduction Steps

Set up a cross-account bucket and try to access it by using the assume role code snippet above.

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.20.81

JDK version used

17

Operating System and version

Mac Sonoma 14.16.1
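
For triage, a self-contained reproducer that wires the provider into the S3 client and logs the assumed identity, key rotation, and each HeadBucket result. This is an added example, not code from the issue or the SDK project. The class name, the session name, the use of HeadBucket, and the shortened session and prefetch window are assumptions chosen so a refresh can be observed within minutes.

```java
import java.time.Duration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

// Added diagnostic, not code from the issue. Args are placeholders: <role-arn> <bucket> <region>
public class CrossAccountRefreshCheck {
    public static void main(String[] args) throws InterruptedException {
        String roleArn = args[0];
        String bucket = args[1];
        Region region = Region.of(args[2]);
        AssumeRoleRequest request = AssumeRoleRequest.builder()
                .roleArn(roleArn)
                .roleSessionName("refresh-check")   // constructed session name
                .durationSeconds(900)               // shortest session STS allows
                .build();

        try (StsClient baseSts = StsClient.builder().region(region).build();
             StsAssumeRoleCredentialsProvider provider = StsAssumeRoleCredentialsProvider.builder()
                     .stsClient(baseSts)
                     .refreshRequest(request)
                     .prefetchTime(Duration.ofMinutes(14)) // refresh once under 14 min remain
                     .build();
             StsClient assumedSts = StsClient.builder().region(region)
                     .credentialsProvider(provider).build();
             S3Client s3 = S3Client.builder().region(region)
                     .credentialsProvider(provider).build()) { // provider, not a static snapshot
            String previousKeyId = null;
            for (int i = 0; i < 6; i++) {
                String keyId = provider.resolveCredentials().accessKeyId();
                boolean rotated = previousKeyId != null && !previousKeyId.equals(keyId);
                previousKeyId = keyId;
                System.out.printf("[%d] caller=%s keySuffix=%s rotated=%b%n", i,
                        assumedSts.getCallerIdentity().arn(),   // which principal S3 will see
                        keyId.substring(keyId.length() - 4), rotated);
                try {
                    s3.headBucket(b -> b.bucket(bucket));
                    System.out.println("    HeadBucket OK");
                } catch (S3Exception e) {
                    System.out.printf("    HeadBucket failed: HTTP %d %s%n", e.statusCode(), e.getMessage());
                }
                Thread.sleep(30_000); // 6 iterations cover about 3 minutes
            }
        }
    }
}
```

A 403 on the first iteration, before any refresh is due, is a different failure from one that appears only after the key suffix changes or the session expires; the logged caller ARN shows which principal the bucket policy was evaluated against.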
