fix: ask for 8 hours of access to s3 files.

GDAL does not allow for regenerating access keys, so hopefully 6 hours will be long enough
linz · Jan 27, 2020 · f1a0910 · f1a0910
1 parent ed606ba
commit f1a0910
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/packages/shared/src/aws/credentials.ts b/packages/shared/src/aws/credentials.ts
@@ -7,6 +7,8 @@ export interface StsAssumeRoleConfig {
     externalId: string;
 }
 
+const OneHourSeconds = 60 * 60;
+
 /**
  * Credentials need to be cached or a separate assume role will be called for each individual
  * instance of the credential chain
@@ -18,6 +20,7 @@ class CredentialObjectCache extends ObjectCache<AWS.ChainableTemporaryCredential
                 RoleArn: opts.roleArn,
                 ExternalId: opts.externalId,
                 RoleSessionName: `bm-${hostname()}-${Date.now()}`,
+                DurationSeconds: 8 * OneHourSeconds,
             },
             masterCredentials: AWS.config.credentials as AWS.Credentials,
         });