From e5ff76a7514d8789530768a0ddf1d063ea0ac474 Mon Sep 17 00:00:00 2001
From: David Drewery
Date: Tue, 22 Aug 2017 14:28:46 +1000
Subject: [PATCH] Add 'Period' support to AWS IAM token renewal
---
 builtin/credential/aws/path_login.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go
index 66effda56773..60547a8cf3ec 100644
--- a/builtin/credential/aws/path_login.go
+++ b/builtin/credential/aws/path_login.go
@@ -943,7 +943,13 @@ func (b *backend) pathLoginRenewIam(
 }
 }
 
- return framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(req, data)
+ // If 'Period' is set on the role, then the token should never expire.
+ if roleEntry.Period > time.Duration(0) {
+ req.Auth.TTL = roleEntry.Period
+ return &logical.Response{Auth: req.Auth}, nil
+ } else {
+ return framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(req, data)
+ }
 }
 
 func (b *backend) pathLoginRenewEc2(
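Review bot: The comment on the new `Period` branch says the token "should never expire", which overstates what the code does. The branch resets `req.Auth.TTL` to `roleEntry.Period` on each renewal and returns without going through `framework.LeaseExtend`, so `roleEntry.MaxTTL` is never applied and the token lives for as long as it keeps being renewed inside the period. With no max TTL bounding it, the checks earlier in pathLoginRenewIam (they start outside this hunk) are presumably what stops renewal once the caller no longer matches the role, and the comment should make that dependency visible. Suggested wording: `// A role with 'Period' set issues periodic tokens: each renewal resets the TTL to Period and MaxTTL is not applied.` As a style point, the `else` after the returning `if` can be dropped, leaving the `LeaseExtend` return at function level.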