[BUG] AWS SSO credentials expire hourly despite longer session duration configuration

Resolved 💬 6 comments Opened Mar 22, 2025 by danielwells Closed May 1, 2025

Environment

  • Platform (select one):
  • [ ] Anthropic API
  • [X] AWS Bedrock
  • [ ] Google Vertex AI
  • [ ] Other: <!-- specify -->
  • Claude CLI version: 0.2.53
  • Operating System: 24.04.2 LTS (GNU/Linux 5.15.167.4-microsoft-standard-WSL2 x86_64)
  • Terminal: Terminal

Bug Description

AWS SSO credentials expire prematurely in Claude Code despite longer configured session durations. Claude Code appears to only read credentials from ~/.aws/credentials once and doesn't implement the AWS SDK credential provider chain's refresh mechanism.

Steps to Reproduce

  1. Configure AWS SSO with session duration longer than 1 hour
  2. Configure AWS permission set duration longer than 1 hour
  3. Run aws sso login to authenticate
  4. Launch Claude Code and connect to Bedrock
  5. Use Claude Code for approximately 1 hour
  6. Observe error regarding invalid AWS credentials

Expected Behavior

Claude Code should respect the configured AWS SSO session duration and permission set duration, automatically refreshing credentials as needed without requiring manual re-authentication.

Actual Behavior

Claude Code reports invalid AWS credentials after approximately 1 hour, requiring manual re-authentication via aws sso login. This occurs despite AWS CLI and other AWS SDK tools in the same terminal session continuing to work fine with the same credentials. Restarting Claude Code does not fix the issue without running aws sso login again.

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗