[Bug]: Should not retry expired credentials

[YakDriver]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Environment and Versions

# any

Debug

<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
  <Type>Sender</Type>
  <Code>ExpiredToken</Code>
  <Message>The security token included in the request is expired</Message>
</Error>
<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
</ErrorResponse>

Expected Behavior

If you attempt to create a new session with expired credentials, it should fail fast and report the error nearly immediately.

Actual Behavior

It does retry/backoff causing long or terminal delays in reporting the expired credentials error.

Note: #23 and hashicorp/terraform-provider-aws#6992 take the approach of adding a flag to avoid this retrying behavior. However, after discussions with the AWS Provider team, security, and a former AWS Provider engineer, there appears to be no situation in which an expired credential would ever become unexpired. In other words, long retrying efforts are a bug that can be fixed without adding a new flag (e.g., stop_on_expired_creds).

Steps to Reproduce

1. Use an expired credential
2. terraform apply

References

Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Terraform or AWS documentation?

• Introduce settings flag to stop execution if expired credentials error happen #23
• Introduce settings flag to stop execution if credentials were expired terraform-provider-aws#6992