Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CodeWhisperer with IdC (IAM Identity Center / SSO) never stays signed in for more than a few hours at a time #4361

Closed
doublehelix opened this issue Jan 31, 2024 · 2 comments
Closed

CodeWhisperer with IdC (IAM Identity Center / SSO) never stays signed in for more than a few hours at a time #4361

doublehelix opened this issue Jan 31, 2024 · 2 comments
Labels
auth-credentials authentication, authorization, credentials, AWS Builder ID, sso guidance General information and guidance, answers to FAQs, or recommended best practices/resources.

Comments

@doublehelix
Copy link

doublehelix commented Jan 31, 2024
edited

Problem

Similar to issues described in #3614, however AM Identity Center, and every few hours.

AWS: IAM Identity centre authentication disconnects form the AWS Toolkit for VSCode after a few hours.
I'm using CodeWhisperer primarily, but every few hours (between 4 and 6 normally) I get disconnected and have to re-authenticate.

Plugin sidebar info:
image

In the footer of VSCode:
image

So, I re-authenticate.
It's important to note, checking the This is a trusted device checkbox seems to do nothing.
If I have to re-authenticate even after a few hours, it asks for my username and password again. My sign-in to ap-southeast-2.signin.aws/platform/login never persists.
image

Then, I allow:

  • Enable Amazon CodeWhisperer analysis.
  • Enable Amazon CodeWhisperer completions.
  • Access to AWS IAM Identity Center accounts and permission sets.

image

Then after a few hours, it disconnects again, and I have to re-authenticate.
Each time I lose connection in VSCode, my browser session has also expired, and I have to re-enter my credentials from scratch.
("This is a trusted device" I presumed kept me logged in for 7 days as per )

Expected behavior

IAM stays logged in for up to 7 days

System details (run the AWS: About Toolkit command)

  • OS: Windows_NT x64 10.0.22631
  • Visual Studio Code extension host: 1.85.2
  • AWS Toolkit: 2.7.0
  • node: 18.15.0
  • electron: 25.9.7
@doublehelix doublehelix added the bug We can reproduce the issue and confirmed it is a bug. label Jan 31, 2024
@justinmk3 justinmk3 changed the title AWS Toolkit for VSCode never stays signed in for more than a few hours at a time CodeWhisperer with IdC never stays signed in for more than a few hours at a time Jan 31, 2024
@justinmk3 justinmk3 added the auth-credentials authentication, authorization, credentials, AWS Builder ID, sso label Jan 31, 2024
@justinmk3
Copy link
Contributor

The session timeout for AWS IAM Identity Center (IdC, CodeWhisperer "Professional tier") is controlled by the IdC administrator in the AWS console.

IdC now supports now supports a session maximum of 90 days (configurable by the IdC administrator).

But the default timeout is still 8 hours:

The default IAM Identity Center session duration continues to be eight (8) hours and any existing customer-configured session limits will remain unchanged.

This must be configured in AWS IdC, it's not controlled by AWS Toolkit nor the "This is a trusted device" checkbox.

@justinmk3 justinmk3 changed the title CodeWhisperer with IdC never stays signed in for more than a few hours at a time CodeWhisperer with IdC (IAM Identity Center) never stays signed in for more than a few hours at a time Jan 31, 2024
@justinmk3 justinmk3 changed the title CodeWhisperer with IdC (IAM Identity Center) never stays signed in for more than a few hours at a time CodeWhisperer with IdC (IAM Identity Center / SSO) never stays signed in for more than a few hours at a time Jan 31, 2024
@doublehelix
Copy link
Author

SOLVED

Our administrator has confirmed the AIM session timeout was set to 4 hours for "testing".
We've reset it to 30 days.
Will update if this doesn't solve the problem.
Resolved for now.

@justinmk3 justinmk3 added guidance General information and guidance, answers to FAQs, or recommended best practices/resources. and removed bug We can reproduce the issue and confirmed it is a bug. labels Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth-credentials authentication, authorization, credentials, AWS Builder ID, sso guidance General information and guidance, answers to FAQs, or recommended best practices/resources.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doublehelix @justinmk3