You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After successfully installing ssm agent on our on-prem servers and registered them to an AWS hybrid activation with an IAM role, we updated /etc/amazon/ssm/amazon-ssm-agent.json and set Profile.KeyAutoRotateDays = 1, based on https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html. That way, we are using the default AWS profile that the ssm agent registration generates to access our AWS resources.
But we observed that the default AWS credentials (i.e., .aws/credentials) are actually refreshing on themselves every 30 minutes instead of 1 day, as the logs shown below. Is this a bug in the amazon-ssm-agent or something we didn't configure properly?
Jun 07 17:02:42 xxx amazon-ssm-agent[6457]: 2024-06-07 17:02:42 INFO [CredentialRefresher] Next credential rotation will be in 29.99605312208333 minutes
Jun 07 17:03:20 xxx amazon-ssm-agent[15189]: 2024-06-07 17:03:20 INFO [CredentialRefresher] Next credential rotation will be in 29.36831954595 minutes
Jun 07 17:32:42 xxx amazon-ssm-agent[15189]: 2024-06-07 17:32:42 INFO [CredentialRefresher] Next credential rotation will be in 29.9960379675 minutes
Jun 07 18:02:42 xxx amazon-ssm-agent[15189]: 2024-06-07 18:02:42 INFO [CredentialRefresher] Next credential rotation will be in 29.9959407481 minutes
Appreciate if anyone can help.
The text was updated successfully, but these errors were encountered:
hxiao-godaddy
changed the title
The default credentials are rotated every 30 minutes even though "Profile.KeyAutoRotateDays = 1" in set in the ssm-agent config
The default credentials are rotated every 30 minutes even though "Profile.KeyAutoRotateDays = 1" is set in the ssm-agent config
Jun 8, 2024
After successfully installing ssm agent on our on-prem servers and registered them to an AWS hybrid activation with an IAM role, we updated
/etc/amazon/ssm/amazon-ssm-agent.json
and setProfile.KeyAutoRotateDays = 1
, based on https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html. That way, we are using the default AWS profile that the ssm agent registration generates to access our AWS resources.But we observed that the default AWS credentials (i.e., .aws/credentials) are actually refreshing on themselves every 30 minutes instead of 1 day, as the logs shown below. Is this a bug in the amazon-ssm-agent or something we didn't configure properly?
Appreciate if anyone can help.
The text was updated successfully, but these errors were encountered: