[request]: Allow specifying the role session length for AssumeRoleProvider #479
Description
A note for the community
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue, please leave a comment
Tell us about your request
The ability to set the DurationSeconds field of the sts:AssumeRole request that AssumeRoleProvider makes behind the scenes.
Tell us about the problem you're trying to solve.
We're using an assumed role to presign s3:GetObject URLs, and we want to be able to control the length of time the URLs are valid for. Presigned URLs produced using temporary credentials are valid for the lesser of the signature validity period and the credential validity period, so using AssumeRoleProvider we can't produce any URLs that are valid for longer than 3600 seconds (the default validity period for sts:AssumeRole).
Are you currently working around this issue?
We can manually call sts:AssumeRole using aws-sdk-sts and then produce the signed URLs using aws-sig-auth, but it's not nearly as ergonomic.
Additional context
No response