Proper method to control the expiration time of AWSCredentails

[wkyu2kg]

I have a need to adjust the expiration time of AWS credentials in my applications to s3 buckets. I have tried to use both SetExpiration() and the constructor AWSCredentials(const Aws::String& accessKeyId, const Aws::String& secretKey, const Aws::String& sessionToken, Aws::Utils::DateTime expiration) with an expiration time of my choice. But the actual expiration seems to be controlled by a different clock.

For example, I use the code below to construct client->sdk_creds_ to expire immediately, but the s3 client created from client->sdk_creds_ can still access my s3 bucket. Can somebody please share some insights?

  Aws::Auth::AWSCredentials init_creds;
                                                                            
  ConfigureClient(&cfg, &init_creds, &use_virtual_addressing, "");
  
  client->sdk_creds_ = Aws::Auth::AWSCredentials(
      init_creds.GetAWSAccessKeyId(),
      init_creds.GetAWSSecretKey(),                                         
      init_creds.GetSessionToken(),
      (Aws::Utils::DateTime::Now() - std::chrono::minutes(1)));          

[jmklix]

You can do that by managing the IAM access keys. There might be some delay when updating access keys, but you should be able to expect the changes quickly. I'm not sure what the exact expectation is. Let us know if you are seeing any unreasonable delay with this

[jmklix]

Marking this as answered. Please let me know if you have any more questions about AWSCredentials

[github-actions[bot]]

Hello! Reopening this discussion to make it searchable.