snazzyfox opened a new issue #8301: Support Duration in AwsHook when using assume role URL: https://github.com/apache/airflow/issues/8301 **Description** Boto3 `assume_role` [supports a `DurationSeconds` option](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts.html#STS.Client.assume_role) to generate assumed role credentials valid for a specified duration, instead of the default of 1 hour. Airflow should also support specifying this option for `AwsHook`. **Use case / motivation** When an `AwsHook` is created with a connection that specifies a role, the hook internally calls STS and generates temporary credentials to use. These credentials are always valid for one hour since the hook does not pass the `DurationSeconds` parameter. Many airflow AWS operators perform long-polling, such as `ECSOperator` (to wait for task completion), `AwsAthenaOperator`, `DynamoDBToS3Operator` (to stream data in chunks), and many more. These operations can run for more than one hour on larger jobs. Since the credentials generated at hook creation time is only valid for one hour, these jobs will fail one hour after start because credentials in the hook are no longer valid. **Proposal** Add a `duration_seconds` attribute to connection extras for AWS Connections. In AwsHook, if using assumed role credentials and this extra exists, pass it through to the boto3 `assume_role` call. **Related Issues** None found
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
