I have a script that pulls a lot of metrics from Cloudwatch for our own internal reports.
The script iterates all of the EC2 instances in a specific region and ask for 5 cloudwatch metrics (all the statistics available) for the past 2 weeks (each time 5 days back in 5 minutes interval which is exactly the 1440 quota). I'm using an assumed session:
session = Session(aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=regionName)
sts = session.client('sts')
response = sts.assume_role(
RoleArn=arn, # External role arn
RoleSessionName='role-name',
ExternalId='<some-id-here>',
)
tempAccessKeyId = response['Credentials']['AccessKeyId']
tempSecretAccessKey = response['Credentials']['SecretAccessKey']
tempSessionToken = response['Credentials']['SessionToken']
assumedSession = Session(
aws_access_key_id=tempAccessKeyId,
aws_secret_access_key=tempSecretAccessKey,
aws_session_token=tempSessionToken,
region_name=regionName)
While running the script I got this exception:
botocore.exceptions.ClientError: An error occurred (ExpiredToken) when calling the GetMetricStatistics operation: The security token included in the request is expired
Is there a way to make sure the token doesn't expire while running the script? I'm using boto3.
The assume_role method you are using returns temporary security credentials. The following is taken from the official documentation:
The temporary security credentials are valid for the duration that you specified when calling AssumeRole , which can be from 900 seconds (15 minutes) to 3600 seconds (1 hour). The default is 1 hour.
Since you are not using the DurationSeconds
keyword argument, the returned credentials are valid for the default 1 hour. You must make sure to get new credentials in order to make requests after 1 hour. See the following from the Temporary Security Credentials official documentation:
When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.