Feature: Renewing STS credentials without prompting for password again.
I have been trying out this command-line tool to move our AWS Users over to SAML, including their CLI usage. Unfortunately you always need to sign in again after 1 hour. Some of our users run processes which take more than an hour to complete and need AWS access throughout the process.
AWS allows SAML users to stay signed in for up to 12 hours. Amazon STS still only allows the generated keys to last for up to 1 hour.
I would love it if this command-line tool would allow me to stay signed in, such that I don’t have to re-enter my password every hour.
I have two ideas for how to achieve this:
- Introduce a command-line switch such as `--auto`, which keeps the script running, remembering the user password in memory, and automatically re-authenticating when the time is about to run out.
- Grab the cookie which contains the token, and write it to the `~/.aws/config` file, and when running the command again, check if the token is still valid, and generate a new STS credential.

The two tactics might even be complementary, such that the `--auto` parameter makes the script wait until the credentials are about to expire, and then re-authenticates using the token in step 2.
I have not looked deeply into the options for solving this, but I might be able to create a Pull Request; I would just like to know what method would be preferred.
Issue Analytics
- State:
- Created 6 years ago
- Comments: 12 (9 by maintainers)
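Idea 2 from the issue above, as an added example (not code from the tool or from anyone in this thread): a session token cached on disk with owner-only permissions and reused only while it is outside a renewal margin. The cache path, the JSON layout, `save_session`, `load_session` and the five-minute `RENEW_MARGIN` are assumptions made for illustration.

```python
import json
import os
import stat
from datetime import datetime, timedelta, timezone

# Assumed value: treat the session as expired this long before its real expiry.
RENEW_MARGIN = timedelta(minutes=5)


def save_session(path, token, expires_at):
    """Write the cached session so that only the owning user can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        # Tighten the mode even if the file already existed with looser bits.
        os.fchmod(fh.fileno(), 0o600)
        json.dump({"token": token, "expires_at": expires_at.isoformat()}, fh)


def load_session(path, now=None):
    """Return the cached token, or None when the user must sign in again."""
    now = now or datetime.now(timezone.utc)
    try:
        fh = open(path)
    except FileNotFoundError:
        return None
    with fh:
        # fstat on the open handle avoids a check-then-open race on the path.
        mode = os.fstat(fh.fileno()).st_mode
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            return None  # group or world can access the file: do not trust it
        try:
            data = json.load(fh)
            expires_at = datetime.fromisoformat(data["expires_at"])
            token = data["token"]
        except (ValueError, KeyError, TypeError):
            return None  # corrupt or unexpected cache content
    if expires_at - now <= RENEW_MARGIN:
        return None  # expired, or too close to expiry to start new work
    return token
```

A caller would try `load_session` first and fall back to the interactive password prompt only when it returns `None`.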
Top GitHub Comments
So now that SAML caching works, and I have also successfully had 12 hour STS credentials generated, I don’t really feel this issue is a problem anymore. I can now sign in with just my password once a day, which is perfectly fine.
I’m content with closing this issue unless anyone else has additional needs.
Interesting; thanks for the info. I’ll take a look when I get a chance.