Strange behavior with sts client #4199
Labels
bug
This issue is a bug.
closing-soon
This issue will close in 4 days unless further comments are made.
response-requested
Waiting on additional info and feedback. Will move to "closing-soon" in 10 days.
Describe the bug
I am using sts client to assume roles in various accounts ( account id + role on demand ) to execute some operations. The setup is like, the sts client is created once in beginning and role assumption is done multiple times based on a message from queue or a http request.
In a long running setting, lets say external id gets changed and we recieve new external id from user,
assumeRole
simply givesUnAuthorized
exception. On some testing, I found it takes a several minutes to address this external id change in trust relationship.While in a short setting, where sts client gets created again and again, changes in external id takes few seconds to be addressed.
What might be reason for this behavior ?
Expected Behavior
StsClient
should address changes in external id in same amount of time whether its long running or recreated with every request.Current Behavior
stsClient
in long running setting addresses the change in external id much slower thanstsClient
which is freshly created.Reproduction Steps
Start with a role you can successfully assume from your local.
In above code, put a debug point on line number 2. Once there, modify the external id in trust relationship of the role in aws console. Evaluate the expression in debugger, it will give
Unauthorized
for lot of minutes.If we simply restart the code, it will assume right away.
Possible Solution
No response
Additional Information/Context
No response
AWS Java SDK version used
2.20.103
JDK version used
openjdk 11.0.18 2023-01-17 OpenJDK Runtime Environment Temurin-11.0.18+10 (build 11.0.18+10) OpenJDK 64-Bit Server VM Temurin-11.0.18+10 (build 11.0.18+10, mixed mode)
Operating System and version
mac os 13.3.1
The text was updated successfully, but these errors were encountered: