Aws-cli: running aws configure does not clear aws_session_token
Running aws configure does not clear aws_session_token from the credentials file. Is this expected behavior or should it clear aws_session_token?
Save the following to ~/.aws/credentials
[default]
aws_access_key_id = blah
aws_secret_access_key = blah
aws_session_token=blah
Run aws configure and enter a new access key and secret access key.
Inspect ~/.aws/credentials
EXPECTING: I was thinking aws_session_token should be removed?
ACTUAL: aws_session_token exists. Any future aws client calls fail since this security token is not invalid with the new access key.
joshunger
All 4 comments
This is expected behavior. There is not any special logic with the aws configure command. It just displays and sets the value for some of the possible config values.
If you want to set the session token value, you will have to do it manually.
Let me know if you have any follow up questions.
kyleknap
on 26 May 2015
Closing. Please reopen if any updates come in or if you have any further questions.
kyleknap
on 1 Jun 2015
Why was this issue closed? If someone configures their default profile with STS creds and then later runs aws configure to setup new creds it shouldn't just leave the old session token in there. The default block should be cleared out..
brianantonelli
on 16 Feb 2017
@kyleknap
If you want to set the session token value, you will have to do it manually.
How do we clear it manually?
theBull
on 2 Feb 2019
Related issues
ikim23
路
3Comments
KimberleySDU
路
3Comments
alexejk
路
3Comments
975204
路
3Comments
ronaldpetty
路
3Comments
Most helpful comment
Why was this issue closed? If someone configures their default profile with STS creds and then later runs
aws configureto setup new creds it shouldn't just leave the old session token in there. The default block should be cleared out..