From a4f4e5bf34a1647870afa0b75cd3e042e6546fd3 Mon Sep 17 00:00:00 2001
From: EXPEddrewery
Date: Tue, 22 Aug 2017 23:50:53 +1000
Subject: [PATCH] Add 'Period' support to AWS IAM token renewal (#3220)
---
 builtin/credential/aws/path_login.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go
index 66effda567..60547a8cf3 100644
--- a/builtin/credential/aws/path_login.go
+++ b/builtin/credential/aws/path_login.go
@@ -943,7 +943,13 @@ func (b *backend) pathLoginRenewIam(
 }
 }
- return framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(req, data)
+ // If 'Period' is set on the role, then the token should never expire.
+ if roleEntry.Period > time.Duration(0) {
+ req.Auth.TTL = roleEntry.Period
+ return &logical.Response{Auth: req.Auth}, nil
+ } else {
+ return framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(req, data)
+ }
 }
 func (b *backend) pathLoginRenewEc2(
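Review bot: The new `roleEntry.Period > 0` branch returns without calling `framework.LeaseExtend`, so neither `roleEntry.MaxTTL` nor whatever limit `LeaseExtend` derives from `b.System()` is applied, and the comment "should never expire" hides that trade-off. Each successful renewal resets the TTL to `Period`, so the token can live indefinitely while renewals continue; it still expires if a renewal window is missed. The checks earlier in `pathLoginRenewIam`, which lie outside this hunk, become the only gate on that lifetime. I would reword the comment to `// A role with Period set issues periodic tokens: each renewal resets the TTL to Period and MaxTTL is intentionally not enforced.` and confirm that an uncapped `Period` is intended (if a ceiling is wanted, compare it with `b.System().MaxLeaseTTL()`). As a style point, the `else` after the terminating `return` can be dropped so the `LeaseExtend` call stays on the left-aligned path.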