fix: Refresh assumed role credentials if session is nearing expiration

2026-02-10 14:55:00 +00:00 · 2020-11-18 20:22:44 +00:00
parent 8ab91e9f8e
commit 5da54467b5
1 changed files with 9 additions and 0 deletions
--- a/9
+++ b/9
@@ -310,6 +310,15 @@ show_group_title() {

 # Function to execute the check
 execute_check() {
+  if [[ $ACCOUNT_TO_ASSUME ]]; then
+    if (( "$AWS_SESSION_EXPIRATION" < (( "$(date -u "+%s")" + (( $SESSION_DURATION_TO_ASSUME / 10 )) )) )); then
+      unset AWS_ACCESS_KEY_ID
+      unset AWS_SECRET_ACCESS_KEY
+      unset AWS_SESSION_TOKEN
+      assume_role
+    fi
+  fi
+
  # See if this is an alternate name for a check
  # for example, we might have been passed 1.01 which is another name for 1.1
  local alternate_name_var=CHECK_ALTERNATE_$1