We are using aws-sdk to get temporary credential information from the Cognito ID pool in order to send requests from our front-end web application to the API Gateway that has been configured for authorization by the IAM authorizer. The credential information expiration time is 1 hour by default, is there any way to change the expiration time?
const client = new CognitoIdentityClient({ region: process.env.VUE_APP_AWS_REGION });
const getIdCommandInput = {
AccountId: process.env.VUE_APP_AWS_ACCOUNT_ID,
IdentityPoolId: process.env.VUE_APP_COGNITO_AUTH_IDENTITY_POOL_ID,
Logins: {}
};
const userPool = `cognito-idp.${process.env.VUE_APP_AWS_REGION}.amazonaws.com/${process.env.VUE_APP_COGNITO_AUTH_USER_POOL_ID}`;
getIdCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getIdCommand = new GetIdCommand(getIdCommandInput);
const identityIdResponse = await client.send(getIdCommand);
const getCredentialsForIdentityCommandInput = {
IdentityId: identityIdResponse.IdentityId,
Logins: {}
};
getCredentialsForIdentityCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getCredentialsForIdentityCommand = new GetCredentialsForIdentityCommand(getCredentialsForIdentityCommandInput);
const credentialsResponse = await client.send(getCredentialsForIdentityCommand);
When the credential information is retrieved with the above code, the Expiration property contains the date and time one hour later.
I tried the following, but there was no change in the 1-hour expiration.
(1) Change the "maximum session time" of IAM roles set to "authenticated roles" in the Cognito identity pool to 2 hours.
(2) Change the "Maximum session time" of IAM roles set to groups in the Cognito user pool to 2 hours.
AWS 官方已更新 1 年前