From 5da54467b520640c210d6d8211d05a3ea6f4fe01 Mon Sep 17 00:00:00 2001
From: Michael Dickinson <45626543+michael-dickinson-sainsburys@users.noreply.github.com>
Date: Wed, 18 Nov 2020 20:22:44 +0000
Subject: [PATCH] fix: Refresh assumed role credentials if session is nearing expiration

---
 prowler | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/prowler b/prowler
index c88fab83..449b3ab0 100755
--- a/prowler
+++ b/prowler
@@ -310,6 +310,15 @@ show_group_title() {
 
 # Function to execute the check
 execute_check() {
+  if [[ $ACCOUNT_TO_ASSUME ]]; then
+    if (( "$AWS_SESSION_EXPIRATION" < (( "$(date -u "+%s")" + (( $SESSION_DURATION_TO_ASSUME / 10 )) )) )); then
+      unset AWS_ACCESS_KEY_ID
+      unset AWS_SECRET_ACCESS_KEY
+      unset AWS_SESSION_TOKEN
+      assume_role
+    fi
+  fi
+
   # See if this is an alternate name for a check
   # for example, we might have been passed 1.01 which is another name for 1.1
   local alternate_name_var=CHECK_ALTERNATE_$1
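Review bot: The return status of `assume_role` is not checked after the three `unset` lines at the top of `execute_check`, so a failed refresh leaves the process without session variables, and later AWS CLI calls may fall back to whatever the default credential chain offers (the caller's own profile or an instance role) and run the check against the wrong account. Unless `assume_role` already exits on failure (its body is not in this hunk), the call should be guarded, for example `assume_role || { echo "ERROR: could not refresh assumed-role session" >&2; exit 1; }`. The comparison also relies on `AWS_SESSION_EXPIRATION` being a non-empty epoch integer: an empty or ISO-8601 value would make the `(( ))` expression error out, which evaluates as "not expiring" and silently skips the refresh, so a preceding `[[ $AWS_SESSION_EXPIRATION =~ ^[0-9]+$ ]]` test would make that case explicit. The body of `execute_check` continues outside the hunk.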