inspec-aws
CHEF-85 auth-token-refresh-retry-for-inspec-aws
Description
Issue: AWS session expiration after 12 hours using AssumeRole credentials
Currently, when using AWS resources, the session expires after 12 hours. This can cause disruptions to long-running scans that rely on these credentials.
Fix: To address this issue, the recommended approach is to implement a scheduled rotation of the AssumeRole credentials before the expiration time. This can be achieved by using the AssumeRole API to retrieve a new set of temporary credentials before the existing ones expire.
Additional env variables required:

```
export AWS_ROLE_ARN="arn:aws:iam::1127dummy395563:role/DUMMYRole"
export AWS_TOKEN_EXPIRATION_DURATION="901"
export AWS_ROLE_SESSION_NAME="DUMMY_aws_role_for_session"
```
Issues Resolved
List any existing issues this PR resolves, or any Discourse or StackOverflow discussion that's relevant
Check List
Please fill the appropriate box ([x]) or mark N/A.
- [ ] New functionality includes integration tests/controls
- [ ] New Terraform resources
- [ ] Documentation provided or updated for resources
- [ ] All Integration Tests pass
- [ ] All Unit Tests pass
- [ ] `rake lint` passes
- [ ] All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco
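
The rotation described in the PR description above, sketched as an added example (not code from this PR or from inspec-aws): a credential holder that requests a fresh set of temporary credentials shortly before the current set expires. The class name, the injected `fetcher` (a constructed stand-in for an STS AssumeRole call) and the 300-second refresh margin are assumptions; the 900 to 43200 second bounds are the STS limits for `DurationSeconds`.

```ruby
# Added example: class name, fetcher interface and refresh margin are hypothetical.
class RefreshingRoleCredentials
  MIN_DURATION = 900     # STS lower bound for DurationSeconds
  MAX_DURATION = 43_200  # STS upper bound (12 hours)
  attr_reader :refresh_count

  def initialize(env:, fetcher:, clock: -> { Time.now }, margin: 300)
    @role_arn     = env.fetch("AWS_ROLE_ARN")
    @session_name = env.fetch("AWS_ROLE_SESSION_NAME")
    @duration     = Integer(env.fetch("AWS_TOKEN_EXPIRATION_DURATION"))
    unless (MIN_DURATION..MAX_DURATION).cover?(@duration)
      raise ArgumentError, "duration must be #{MIN_DURATION}..#{MAX_DURATION}s"
    end
    @fetcher = fetcher
    @clock   = clock
    @margin  = [margin, @duration / 2].min # never refresh on every call
    @mutex   = Mutex.new
    @creds   = nil
    @refresh_count = 0
  end

  # Returns valid credentials, rotating them once inside the margin.
  def credentials
    @mutex.synchronize do
      refresh! if @creds.nil? || @clock.call >= @creds[:expiration] - @margin
      @creds
    end
  end

  private

  def refresh!
    @creds = @fetcher.call(role_arn: @role_arn,
                           role_session_name: @session_name,
                           duration_seconds: @duration)
    @refresh_count += 1
  end
end

# Constructed stand-in for an STS AssumeRole call; it makes no network request.
def fake_assume_role(clock)
  issued = 0
  lambda do |role_arn:, role_session_name:, duration_seconds:|
    issued += 1
    { access_key_id: "ASIACONSTRUCTED#{issued}", session_token: "token-#{issued}",
      expiration: clock.call + duration_seconds }
  end
end
```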
Deploy Preview for inspec-aws canceled.
| Name | Link |
|---|---|
| Latest commit | b3d4c400ca87faa6402285ca7e4b7806eee40686 |
| Latest deploy log | https://app.netlify.com/sites/inspec-aws/deploys/648878c359102f000810e656 |