Reputation: 790
Expiration time of AWS EC2 instance profile credentials
The official AWS documentation states that instance profile credentials "are temporary and would eventually expire", and I was wondering how often they expire.
I'am asking because I have applications using an InstanceProfileCredentialsProvider as credential provider, which by default does not refresh credentials, running for days without problems.
Upvotes: 7
Views: 7526
Answers (1)
Reputation: 301
We have noticed from logging that the temporary credentials issued against an attached role last approximately 6 hours.
Does anyone know the mechanism of how they are refreshed, supposedly 15 minutes before they expire? Is the SSM service monitoring the expiration and asking for new credentials?
We are currently chasing down what appears to be an issue with the credentials not being refreshed after the EC2 instance has no activity on the overnight. Trying to determine whether app pool idle timeout or recycle interval is playing a hand.
Upvotes: 5
Related Questions
- Ways to find out how soon the AWS session expires?
- AWS IAM role expiry
- AWS temporary credentials — is the Expiration time in UTC?
- How to configure expiration time for AWS container credentials
- AWS Cognito Password Expiration
- EC2 Instance profiles using expired credentials
- How can I increase the timeout for the temporary EC2 credentials?
- Amazon AWS reserve instance expire
- Resource limits on AWS Temporary Security Credentials
- Is there a grace period when renewing IAM credentials via metadata query?