IAM Temporary Role Credentials must be refreshed

[tamsky]

Currently I don't believe gof3r refreshes IAM role credentials, but they will expire if used for a long enough period of time. This is usually many (10+ hours) after they are retrieved.

For large file transfers with gof3r this has definitely been an issue for us. Our fix was to remove IAM roles from the hosts and use environment variables with static credentials in order to push those large files.

This credential expiry is by design, as explained in this similar issue: https://github.com/fog/fog/issues/3544#issuecomment-98178177 which cites: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

One strategy, employed by boto is anticipatory based on expiry time.