SQS/ S3 does not refresh access tokens when run locally with AWS_PROFILE

[onkobu]

Type: Bug

Component:
"S3", "Secrets Manager", "SQS"

Describe the bug
When running locally with AWS_PROFILE enabled the application can access SQS and S3 with credentials from given profile and credentials-file. When they expire, they are not reloaded automatically.

I am aware of #691 and #911 as well as explicit reloading through scheduled configuration replacements like in https://stackoverflow.com/questions/78854286/how-do-you-refresh-temporary-aws-credentials-in-a-spring-boot-java-app

Does spring-cloud-aws subscribe to changes of the credentials file on file system level at all? An external process refreshes this for our application since our max TTL for tokens is <15min. I am uncertain if this feature is supported at all – reload from disk upon changes.

Is it always on behalf of the application to re-create client beans when credentials refresh?

(Issue 911 has it in the comments, that client beans would have to be reloaded automatically. Instead they could lazy load the credentials. Also concluding this from the exensive use of Suppliers for the file resource.)

[maciejwalkowiak]

For temporary credentials we support only STS - there is nothing specific for reacting to credential file changes in the file system. Basically we provide only convenient way to auto configure credentials providers from AWS SDK, so if you're missing any functionality you can either implement your own credentials provider or file an issue in AWS SDK project.