-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM auth: session token eventually expires #233
Comments
It seems like the second bullet might be the easiest, actually. Both Instead, I believe this |
Second options sounds good! Do you maybe know if this happens only with AWS or are other possible backends are affected as well? |
Hey :) I didn't test this with any other backend than ours, which is basically AWS ECS Fargate. I don't think I have the tools to test any other backend right now but if someone is willing to I'll be happy to help |
Hey!
I noticed an issue in the IAM auth feature I made a PR for a while back. Real world kartons are supposed to be long-running services and shouldn't crash, so essentially
KartonBackend
should be initialized once in their startup process. This means that the s3 client will use the samesession_token
and eventually it will expire and cause the karton to fail processing tasks 100% of the time.There are a couple of ways to deal with it I think are worth discussion:
get_or_create
is called, a new temporary client is made every time. This solves the problem because the session token doesn't have time to expire. Similarly, we can move the s3 client creation to a separate method:However, this can potentially create overhead and reduce the performance because of the constant creation of the client.
process
method of any karton. So essentially:The text was updated successfully, but these errors were encountered: