Skip to content

Commit f0887e7

Browse files
author
Yuchao Liang
committed
fix(client-sts): disable stsClient cache
- sourceCreds can be expired
1 parent 4e99b8d commit f0887e7

File tree

2 files changed

+12
-18
lines changed

2 files changed

+12
-18
lines changed

clients/client-sts/defaultStsRoleAssumers.ts

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -38,16 +38,13 @@ export const getDefaultRoleAssumer = (
3838
stsOptions: Pick<STSClientConfig, "logger" | "region">,
3939
stsClientCtor: new (options: STSClientConfig) => STSClient
4040
): RoleAssumer => {
41-
let stsClient: STSClient;
4241
return async (sourceCreds, params) => {
43-
if (!stsClient) {
44-
const { logger, region } = stsOptions;
45-
stsClient = new stsClientCtor({
46-
logger,
47-
credentials: sourceCreds,
48-
region: decorateDefaultRegion(region),
49-
});
50-
}
42+
const { logger, region } = stsOptions;
43+
const stsClient = new stsClientCtor({
44+
logger,
45+
credentials: sourceCreds,
46+
region: decorateDefaultRegion(region),
47+
});
5148
const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
5249
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
5350
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);

codegen/smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/sts-client-defaultStsRoleAssumers.ts

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -38,16 +38,13 @@ export const getDefaultRoleAssumer = (
3838
stsOptions: Pick<STSClientConfig, "logger" | "region">,
3939
stsClientCtor: new (options: STSClientConfig) => STSClient
4040
): RoleAssumer => {
41-
let stsClient: STSClient;
4241
return async (sourceCreds, params) => {
43-
if (!stsClient) {
44-
const { logger, region } = stsOptions;
45-
stsClient = new stsClientCtor({
46-
logger,
47-
credentials: sourceCreds,
48-
region: decorateDefaultRegion(region),
49-
});
50-
}
42+
const { logger, region } = stsOptions;
43+
const stsClient = new stsClientCtor({
44+
logger,
45+
credentials: sourceCreds,
46+
region: decorateDefaultRegion(region),
47+
});
5148
const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
5249
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
5350
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);

0 commit comments

Comments
 (0)