to refresh the credential from IAM only after its in the last
15 seconds of its life according to its expired_at field
This poses a problem when using the library to generate short
lived pre-signed URLs in AWS S3 where the issued URLs
with temporary tokens expire the same time as the IAM credential
that generated them:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
For example, if the credentials is in its last 16 seconds of life
and a token has been generated for pre-signed URLs with a life
request of 10 minutes, the URL ends up living only 16 seconds.
By allowing the caller to configure the refresh threshold a
larger buffer of time can be specified when using IAM credentials
allowing for the generated URLs to life a more definitive time.
This change adds a configuration option that can be passed by
callers to expand (or narrow) the threshold of time used by the
refresh credentials mechanism to decide if a new token needs
to be fetched.
Configuration option is called
'aws_credentials_refresh_threshold_seconds'
Following the same example, setting this new option to 10 minutes
can help guarantee that pre-signed URLs generated for 10 minutes
will always last that long.
Unless I've completely missed it, I can't easily find a link to the (excellent) documentation for `fog-aws` — it'd be nice to include it directly in the README.
