
I am using the AWS CLI to communicate with my AWS account. I start by assuming a role in my AWS account with a command like this:

aws sts assume-role \
  --role-arn arn:aws:iam::000011112222:role/MyRole \
  --role-session-name my_session_name \
  --serial-number arn:aws:iam::333344445555:mfa/me \
  --token-code [redacted] \
  --duration-seconds 21600

At a later point I would like to use the AWS CLI to query AWS to understand how much time I have left in my role before the role expires.

Does an AWS CLI command exist for this purpose?

mon4goos
  • Not aware of any way to do this. You get the expiration date/time in the response when you assume a role so you could persist that in a simple key/value store with TTL, but that's not ideal. – jarmod Feb 14 '22 at 17:44
  • This post might help: https://stackoverflow.com/a/73827313/8634361. It's a response to this original post, which asks a similar question: https://stackoverflow.com/q/63362712/8634361 – khanh nguyen Sep 23 '22 at 14:46

1 Answer


I've not found a good solution for this, but here is a hacky solution that worked for me:

Looking under my .aws/sso/cache/ folder I found a number of JSON files.

Those JSON files represent recent sessions; these contain a property expiresAt which gives the expiry date for the related session.

On a Windows device you can run the below PowerShell to get a quick peek at what's in all these JSON files:

gci "$env:userprofile\.aws\sso\cache" -filter '*.json' | %{get-content $_.FullName -raw | convertfrom-json | fl}

JohnLBevan
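As an added example (not code from the question, comments or answer above), this Python script computes the time left from either source mentioned on this page: the `Credentials.Expiration` value in saved `aws sts assume-role` output, and the `expiresAt` property of the JSON files under `.aws/sso/cache`. The function names and the accepted timestamp suffixes (a UTC offset, `Z` or `UTC`) are assumptions; it reads only `expiresAt`, so nothing else in the cache files is printed.

```python
import json
from datetime import datetime, timedelta, timezone
from pathlib import Path


def parse_expiry(value: str) -> datetime:
    """Parse an expiry timestamp into an aware UTC datetime.

    Assumed formats: ISO 8601 with an offset, or ending in 'Z' or 'UTC'.
    """
    text = value.strip()
    for suffix in ("UTC", "Z"):
        if text.endswith(suffix):
            text = text[: -len(suffix)] + "+00:00"
            break
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:  # assumption: a naive timestamp is UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def remaining(expiry: str, now: datetime) -> timedelta:
    """Time left before expiry; zero once the session has expired."""
    return max(parse_expiry(expiry) - now, timedelta(0))


def remaining_from_assume_role(response_json: str, now: datetime) -> timedelta:
    """Read Credentials.Expiration from saved `aws sts assume-role` output."""
    expiry = json.loads(response_json)["Credentials"]["Expiration"]
    return remaining(expiry, now)


def remaining_from_cache(cache_dir: Path, now: datetime) -> dict:
    """Map each cache file that has an expiresAt property to its time left."""
    result = {}
    for path in sorted(cache_dir.glob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON: skip this file
        if isinstance(data, dict) and "expiresAt" in data:
            result[path.name] = remaining(data["expiresAt"], now)
    return result


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    cache = Path.home() / ".aws" / "sso" / "cache"
    for name, left in remaining_from_cache(cache, now).items():
        print(f"{name}: {left} remaining")
```

For the `assume-role` case, save the command's JSON output when you assume the role and pass its contents to `remaining_from_assume_role` later.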