JSONFileCache.__setitem__ not multi-process safe.

[Ramyak]

Describe the bug

If multiple aws commands run at the same time and sets the .aws/cli/cache/*.json, the cache file could get corrupted (not a valid json)

We noticed corrupted .aws/cli/cache/*.json file.

1. cache key is always the same - sha1 of args (which is just role arn and serial number) (makes sense) [code]
2. JSONFileCache.__setitem__ (is not multi-process/thread safe) just does os.fdopen [code]. If multiple processes open the file and write to this file at the same time, it could get corrupted (not valid json)

2025-07-31 11:21:08,705 - MainThread - botocore.credentials - DEBUG - hii in _create_cache_key args={"RoleArn": "arn:aws:iam::<accountid>:role/role", "SerialNumber": "arn:aws:iam::<accountid>:mfa/<mfa>"}
2025-07-31 11:21:08,705 - MainThread - botocore.credentials - DEBUG - hii argument_hash=<same_key_always>
2025-07-31 11:21:14,022 - MainThread - botocore.credentials - DEBUG - hii type(self._cache)=<class 'botocore.utils.JSONFileCache'>
2025-07-31 11:21:14,022 - MainThread - botocore.utils - DEBUG - hiii __setitem__ = /Users/<user>/.aws/cli/cache/<same_key_always>.json



2025-07-31 11:20:17,696 - MainThread - botocore.credentials - DEBUG - hii in _create_cache_key args={"RoleArn": "arn:aws:iam::<accountid>:role/role", "SerialNumber": "arn:aws:iam::<accountid>:mfa/<mfa>"}
2025-07-31 11:20:17,696 - MainThread - botocore.credentials - DEBUG - hii argument_hash=<<same_key_always>>
2025-07-31 11:20:22,562 - MainThread - botocore.utils - DEBUG - hiii __setitem__ = /Users/<user>/.aws/cli/cache/<same_key_always>.json

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

/Users/<user>/.aws/cli/cache/<same_key_always>.json to always have valid json

Current Behavior

/Users/<user>/.aws/cli/cache/<same_key_always>.json under some race condition can store invalid json

Reproduction Steps

I dont have clear reproduction steps. Run many aws cli without the cache file.

Possible Solution

Make JSONFileCache.__setitem__ function multi process safe.

Additional Information/Context

No response

CLI version used

aws-cli/2.26.1

Environment details (OS name and version, etc.)

Mac

[adev-code]

Hi @Ramyak, thanks for reaching out. From the above, I don't see any corruption and that said is there a sample "corrupted file" that you see (please redact sensitive information)? Also, would there be a minimal repro for the issue? Knowing the use case and how this came about would help investigate.

[Ramyak]

It is a race condition. We have not invested to try to reproduce the bug.

One of my team member saw this file in .aws/cli/cache/*.json

....
"content-type": "text/xml", "content-length": "2119", "date": "Wed, 30 Jul 2025 20:39:28 GMT"}, "RetryAttempts": 0}}ntent-length": "2119", "date": "Wed, 30 Jul 2025 20:39:28 GMT"}, "RetryAttempts": 0}}

Looking at the code, it is clearly possible.