How to refresh token in STS connection and S3 connection in AWS? Receiving expired token error in boto3 operation

Question

I'm new in Python and programming so I appreciate any help.

I'm making a connection with another AWS account, so I need to make a sts connection from the assume role and then connect with the S3 of the other account. I need to perform a copy object operation that will take hours, and I got this error:

botocore.exceptions.ClientError: An error occurred (ExpiredToken) when calling the CopyObject operation: The provided token has expired.

My code is like this at the time of running make the connections sts and s3:

def credential_assume_role(client):
    sts_connection = client

    assumed_role_object = sts_connection.assume_role(
        RoleArn="arn:roleexample",
        RoleSessionName="cross_acct_ecs"
    )
    return assumed_role_object['Credentials']

def main():
    credentials = credential_assume_role(boto3.client('sts'))
    s3_client = boto3.client(
        's3',
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
    )

I'm reading about the RefreshableCredentials lib in boto3 but I still don't quite understand the concept.

Any suggestions for me to be able to recreate the token after this 1 hour?

Answer 1

Your AWS session token has expired. If your copy operation takes more time than the lifespan of the token then you need to ask your AWS admin to increase the time limit of your token.