{{ message }}
Validate roleArn and durationSeconds before STS AssumeRole call#156
Merged
Conversation
Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com>
Contributor
Author
Copilot
AI
changed the title
[WIP] [WIP] Address feedback on AWS STS support for lambda invoker in PR #154
Validate roleArn and durationSeconds before STS AssumeRole call
Mar 20, 2026
stevehu
approved these changes
Mar 20, 2026
stevehu
added a commit
that referenced
this pull request
Mar 20, 2026
* fixes #154 support AWS STS on the lambda invoker * Update lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaFunctionHandler.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update lambda-invoker/src/main/java/com/networknt/aws/lambda/LambdaFunctionHandler.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update lambda-invoker/src/main/resources/config/lambda-invoker.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update lambda-invoker/src/main/resources/config/lambda-invoker.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Validate roleArn and durationSeconds before STS AssumeRole call (#156) * Initial plan * Add validation for roleArn and durationSeconds before STS AssumeRole Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> * Add unit tests for STS-enabled code path in LambdaFunctionHandler (#157) * Initial plan * Add unit tests for STS code path in LambdaFunctionHandler Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> Co-authored-by: Steve Hu <stevehu@gmail.com> * Use StsAssumeRoleCredentialsProvider for automatic STS credential refresh (#158) * Initial plan * Replace StaticCredentialsProvider with StsAssumeRoleCredentialsProvider for automatic credential refresh Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com> Co-authored-by: Steve Hu <stevehu@gmail.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: stevehu <2042337+stevehu@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When
stsEnabledistrue, missing or invalidroleArn/durationSecondsconfig values would silently propagate to the AWS SDK and produce opaque runtime exceptions. This adds early, explicit validation with clear error messages before any STS call is made.Changes
assumeRole()pre-flight validationIllegalArgumentExceptionifroleArnis empty/nullIllegalArgumentExceptionifdurationSecondsis outside the AWS STS bounds (900–43200), including the invalid value in the messagetry-catchblock so they surface as configuration errors, not wrappedRuntimeExceptions💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.