21636: Increase ExpiryWindow and add doc reference. 21636-s3-token-expiry
authorTom Clegg <tom@curii.com>
Tue, 2 Apr 2024 14:43:59 +0000 (10:43 -0400)
committerTom Clegg <tom@curii.com>
Tue, 2 Apr 2024 14:43:59 +0000 (10:43 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>

services/keepstore/s3_volume.go

index affcc988ddc26111ae4909adf131931818273a23..2e2e97a974efa2ddbb7b5e60f67160da85181980 100644
@@ -226,7 +226,13 @@ func (v *s3Volume) check(ec2metadataHostname string) error {
                                // expiring credentials do not cause
                                // request to fail unexpectedly due to
                                // ExpiredTokenException exceptions."
-                               opts.ExpiryWindow = time.Minute
+                               //
+                               // (from
+                               // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
+                               // "We make new credentials available
+                               // at least five minutes before the
+                               // expiration of the old credentials."
+                               opts.ExpiryWindow = 5 * time.Minute
                        }),
                })