The upload of data to an AWS hosted SImA server fails. The SImA Loader log reports the following error:
APIClient: GET request failed - response status code: 500
APIClient: GET request failed - response content: /token - Error requesting data storage credentials An error occurred (ValidationError) when calling the AssumeRole operation: The requested DurationSeconds exceeds the MaxSessionDuration set for this role.
Error when retrieving STS upload token (for Minio).
gemma-client exited with code 1
An error occurred during upload: gemma-client exited with code 1
SImA specifies the AWS_STS_LIFETIME variable within the default.env file which is located inside the SImA installation directory. By default this is set to 12 hours (43200 seconds). If the duration that SImA requests is greater than the duration set on the AWS side then the error as shown above is thrown.
Check to see if the maximum session duration (the Lifetime of the STS token) for the AWS role has been explicitly set on the AWS side.
The Lifetime of the STS token used can be adjusted either on the AWS side or by adding a line to the custom.env file (located in the SImA installation directory).
For example, if you wanted to reduce the value to 10 hours the line to add to the custom.env file would be:
AWS_STS_LIFETIME=36000
It is necessary to redeploy the SImA stack as described here in order for the change to take effect.