The default credentials are rotated every 30 minutes even though "Profile.KeyAutoRotateDays = 1" is set in the ssm-agent config

[hxiao-godaddy]

After successfully installing ssm agent on our on-prem servers and registered them to an AWS hybrid activation with an IAM role, we updated /etc/amazon/ssm/amazon-ssm-agent.json and set Profile.KeyAutoRotateDays = 1, based on https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html. That way, we are using the default AWS profile that the ssm agent registration generates to access our AWS resources.

But we observed that the default AWS credentials (i.e., .aws/credentials) are actually refreshing on themselves every 30 minutes instead of 1 day, as the logs shown below. Is this a bug in the amazon-ssm-agent or something we didn't configure properly?

Jun 07 17:02:42 xxx amazon-ssm-agent[6457]: 2024-06-07 17:02:42 INFO [CredentialRefresher] Next credential rotation will be in 29.99605312208333 minutes
Jun 07 17:03:20 xxx amazon-ssm-agent[15189]: 2024-06-07 17:03:20 INFO [CredentialRefresher] Next credential rotation will be in 29.36831954595 minutes
Jun 07 17:32:42 xxx amazon-ssm-agent[15189]: 2024-06-07 17:32:42 INFO [CredentialRefresher] Next credential rotation will be in 29.9960379675 minutes
Jun 07 18:02:42 xxx amazon-ssm-agent[15189]: 2024-06-07 18:02:42 INFO [CredentialRefresher] Next credential rotation will be in 29.9959407481 minutes

Appreciate if anyone can help.