[BUG] AWS SSO credentials expire hourly despite longer session duration configuration
Environment
- Platform (select one):
- [ ] Anthropic API
- [X] AWS Bedrock
- [ ] Google Vertex AI
- [ ] Other: <!-- specify -->
- Claude CLI version: 0.2.53
- Operating System: 24.04.2 LTS (GNU/Linux 5.15.167.4-microsoft-standard-WSL2 x86_64)
- Terminal: Terminal
Bug Description
AWS SSO credentials expire prematurely in Claude Code despite longer configured session durations. Claude Code appears to only read credentials from ~/.aws/credentials once and doesn't implement the AWS SDK credential provider chain's refresh mechanism.
Steps to Reproduce
- Configure AWS SSO with session duration longer than 1 hour
- Configure AWS permission set duration longer than 1 hour
- Run
aws sso loginto authenticate - Launch Claude Code and connect to Bedrock
- Use Claude Code for approximately 1 hour
- Observe error regarding invalid AWS credentials
Expected Behavior
Claude Code should respect the configured AWS SSO session duration and permission set duration, automatically refreshing credentials as needed without requiring manual re-authentication.
Actual Behavior
Claude Code reports invalid AWS credentials after approximately 1 hour, requiring manual re-authentication via aws sso login. This occurs despite AWS CLI and other AWS SDK tools in the same terminal session continuing to work fine with the same credentials. Restarting Claude Code does not fix the issue without running aws sso login again.
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗