From 364d30aeeba6feac7e85a7f0a0c16ab4ef05b410 Mon Sep 17 00:00:00 2001
From: dsumsky
Date: Thu, 3 Nov 2016 14:04:47 +0100
Subject: [PATCH 1/2] - Fix STS credentials reusage.

---
 awslimitchecker/connectable.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/awslimitchecker/connectable.py b/awslimitchecker/connectable.py
index aac7732b..bcabed0e 100644
--- a/awslimitchecker/connectable.py
+++ b/awslimitchecker/connectable.py
@@ -59,6 +59,7 @@ def __init__(self, creds_dict):
 self.expiration = creds_dict['Credentials']['Expiration']
 self.assumed_role_id = creds_dict['AssumedRoleUser']['AssumedRoleId']
 self.assumed_role_arn = creds_dict['AssumedRoleUser']['Arn']
+ self.account_id = creds_dict['account_id']
 class Connectable(object):
@@ -93,8 +94,15 @@ def _boto3_connection_kwargs(self):
 self.region)
 Connectable.credentials = self._get_sts_token()
 else:
- logger.debug("Reusing previous STS credentials for account %s",
- self.account_id)
+ if self.account_id == Connectable.credentials.account_id:
+ logger.debug("Reusing previous STS credentials for account %s",
+ self.account_id)
+ else:
+ logger.debug("Previous STS credentials are for account %s", Connectable.credentials.account_id)
+ logger.debug("Connecting for account %s role '%s' with STS "
+ "(region: %s)", self.account_id, self.account_role,
+ self.region)
+ Connectable.credentials = self._get_sts_token()
 kwargs['aws_access_key_id'] = Connectable.credentials.access_key
 kwargs['aws_secret_access_key'] = Connectable.credentials.secret_key
 kwargs['aws_session_token'] = Connectable.credentials.session_token
@@ -167,7 +175,8 @@ def _get_sts_token(self):
 if self.mfa_token is not None:
 assume_kwargs['TokenCode'] = self.mfa_token
 role = sts.assume_role(**assume_kwargs)
+
+ role['account_id'] = self.account_id
+
 creds = ConnectableCredentials(role)
- logger.debug("Got STS credentials for role; access_key_id=%s",
- creds.access_key)
 return creds
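Review bot: `self.account_id = creds_dict['account_id']` reads a key that is not part of the STS `assume_role` response; it exists only because `_get_sts_token` writes it into the response dict in the third hunk (`role['account_id'] = self.account_id`), so any other caller that passes a raw response will fail with KeyError, and the cached value is the account the caller asked for rather than the one STS actually issued credentials for. The assumed-role ARN read on the previous line carries the account id as its fifth colon-separated field in the format AWS documents for assumed-role ARNs, so `self.account_id = self.assumed_role_arn.split(':')[4]` would remove the injected key and key the cache on the identity STS vended. Whichever is kept, the class docstring should state where `account_id` comes from, e.g. `account_id: AWS account the credentials were issued for`. `__init__` starts outside the hunk.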
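Review bot: The new reuse check compares only `account_id`, so a `Connectable` for the same account but a different `account_role` silently reuses the cached credentials of the previously assumed role instead of calling `_get_sts_token()`; the credentials should also be matched on the role, e.g. by recording `self.account_role` on the credentials object the same way `account_id` is recorded and testing `self.account_id == Connectable.credentials.account_id and self.account_role == Connectable.credentials.account_role`. The new `else` branch also repeats the "Connecting for account …" log call and `Connectable.credentials = self._get_sts_token()` from the branch above it, so the refresh condition should be computed once and both cases share a single fetch path. The "Previous STS credentials are for account %s" call is wrapped differently from every neighbouring `logger.debug` call. The `if` that precedes this `else` and the rest of `_boto3_connection_kwargs` lie outside the hunk, so whether credential expiry is checked anywhere cannot be judged from here.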
From c913b2651a2fe8c8accc9da71c8f4128aa7bef64 Mon Sep 17 00:00:00 2001
From: dsumsky
Date: Thu, 3 Nov 2016 14:11:36 +0100
Subject: [PATCH 2/2] Added cred logging message which I deleted by mistake.

---
 awslimitchecker/connectable.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/awslimitchecker/connectable.py b/awslimitchecker/connectable.py
index bcabed0e..865bb208 100644
--- a/awslimitchecker/connectable.py
+++ b/awslimitchecker/connectable.py
@@ -179,4 +179,7 @@ def _get_sts_token(self):
 role['account_id'] = self.account_id
 creds = ConnectableCredentials(role)
+
+ logger.debug("Got STS credentials for role; access_key_id=%s",
+ creds.access_key)
 return creds
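Review bot: The restored debug line writes the temporary access key id to the log; the key id is not a secret on its own, but the `assumed_role_arn` and `account_id` already held on `creds` identify the session just as well without placing any part of the credential in log output, so `logger.debug("Got STS credentials for role %s", creds.assumed_role_arn)` would be the safer message. Since this patch only puts back a line the first patch in the series removed, the two could be squashed so the series never contains the regression. `_get_sts_token` starts outside the hunk.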