I have a Lambda that consumes data from another AWS account's Athena, so I have a role that my Lambda assumes which has cross-account access. I used the STS client in my Lambda. Sometimes the Lambda runs perfectly fine, and sometimes it breaks and gives me this error:
"errorMessage": "An error occurred (ExpiredTokenException) when calling the StartQueryExecution operation: The security token included in the request is expired", "errorType": "ClientError",
The STS client I used in my code is:

    import boto3

    def assume_role_to_session(role_arn, session_name):
        client = boto3.client('sts')
        # Request temporary credentials that are valid for 900 seconds (15 minutes)
        response = client.assume_role(RoleArn=role_arn, RoleSessionName=session_name, DurationSeconds=900)
        # Build a session from the temporary credentials
        return boto3.Session(
            aws_access_key_id=response['Credentials']['AccessKeyId'],
            aws_secret_access_key=response['Credentials']['SecretAccessKey'],
            aws_session_token=response['Credentials']['SessionToken'],
            region_name='us-east-1')

    assume_role_athena_session = assume_role_to_session(role_arn='arn:aws:iam::XXXXXXXXXXX:role/role-name',
                                                        session_name='AthenaLambdaSession')

How does this work? I want my Lambda to run anytime, not just sometimes. What could be the problem?
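
The following is an added example, not part of the original post. It assumes the session above is created once outside the handler, so warm invocations of the same execution environment keep reusing credentials that expire after `DurationSeconds=900`; it shows one way to renew them before expiry. `AssumedRoleCache`, `FakeSTS`, `simulate_warm_invocations` and the 5-minute margin are hypothetical names and values chosen for illustration.

```python
import datetime as dt

REFRESH_MARGIN = dt.timedelta(minutes=5)  # assumption: renew 5 minutes early

class AssumedRoleCache:
    """Hypothetical helper: reuse AssumeRole credentials, renew before expiry."""
    def __init__(self, sts_client, role_arn, session_name, duration=900,
                 now=lambda: dt.datetime.now(dt.timezone.utc)):
        self._sts, self._now, self._creds = sts_client, now, None
        self._args = dict(RoleArn=role_arn, RoleSessionName=session_name,
                          DurationSeconds=duration)

    def credentials(self):
        # STS returns Credentials['Expiration'] as a timezone-aware datetime.
        if (self._creds is None or
                self._creds['Expiration'] - self._now() <= REFRESH_MARGIN):
            self._creds = self._sts.assume_role(**self._args)['Credentials']
        return self._creds

    def session(self, region_name='us-east-1'):
        import boto3  # lazy import so the cache logic also runs offline
        c = self.credentials()
        return boto3.Session(c['AccessKeyId'], c['SecretAccessKey'],
                             c['SessionToken'], region_name=region_name)

class FakeSTS:
    """Constructed stand-in for boto3.client('sts'); counts AssumeRole calls."""
    def __init__(self, clock):
        self.clock, self.calls = clock, 0

    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds):
        self.calls += 1
        expiry = self.clock() + dt.timedelta(seconds=DurationSeconds)
        return {'Credentials': dict(
            AccessKeyId='constructed-id', SecretAccessKey='constructed-secret',
            SessionToken='constructed-token', Expiration=expiry)}

def simulate_warm_invocations(offsets_seconds):
    """AssumeRole call count after each call, at seconds since cold start."""
    t0, now = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc), [None]
    sts = FakeSTS(lambda: now[0])
    cache = AssumedRoleCache(sts, 'arn:aws:iam::XXXXXXXXXXX:role/role-name',
                             'AthenaLambdaSession', now=lambda: now[0])
    counts = []
    for off in offsets_seconds:
        now[0] = t0 + dt.timedelta(seconds=off)
        cache.credentials()
        counts.append(sts.calls)
    return counts
```

In the Lambda itself, the cache would be built once at module level with `boto3.client('sts')`, and the handler would call `session().client('athena')` on every invocation so that each query starts with credentials that have at least the margin left.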