From eb745fe265a565d3784b246250884f97a7826c75 Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Mon, 10 Oct 2022 16:36:08 -0700 Subject: [PATCH] chore: update role duration description (#486) * fix: role duration desc. https://github.com/aws-actions/configure-aws-credentials/blob/67fbcbb121271f7775d2e7715933280b06314838/index.js#L10 https://github.com/aws-actions/configure-aws-credentials/blob/67fbcbb121271f7775d2e7715933280b06314838/index.js#L315 * bolding for better attention grabbing + session-token update * spacing for attention Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- README.md | 9 ++++++--- action.yml | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d099893..faf5d5c 100644 --- a/README.md +++ b/README.md 
@@ -77,9 +77,12 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I ## Assuming a Role We recommend using [GitHub's OIDC provider](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) to get short-lived credentials needed for your actions. -Specifying `role-to-assume` without providing an `aws-access-key-id` or a `web-identity-token-file` will signal to the action that you wish to use the OIDC provider. -The default session duration is 1 hour when using the OIDC provider to directly assume an IAM Role. -The default session duration is 6 hours when using an IAM User to assume an IAM Role (by providing an `aws-access-key-id`, `aws-secret-access-key`, and a `role-to-assume`) . +Specifying `role-to-assume` **without** providing an `aws-access-key-id` or a `web-identity-token-file` will signal to the action that you wish to use the OIDC provider. + +The default session duration is **1 hour** when using the OIDC provider to directly assume an IAM Role or when an `aws-session-token` is directly provided. + +The default session duration is **6 hours** when using an IAM User to assume an IAM Role (by providing an `aws-access-key-id`, `aws-secret-access-key`, and a `role-to-assume`) . + If you would like to adjust this you can pass a duration to `role-duration-seconds`, but the duration cannot exceed the maximum that was defined when the IAM Role was created. The default session name is GitHubActions, and you can modify it by specifying the desired name in `role-session-name`. The default audience is `sts.amazonaws.com` which you can replace by specifying the desired audience name in `audience`. diff --git a/action.yml b/action.yml index 17723b0..53337d3 100644 --- a/action.yml +++ b/action.yml 
@@ -44,7 +44,7 @@ inputs: assume an IAM role using a web identity. E.g., from within an Amazon EKS worker node required: false role-duration-seconds: - description: "Role duration in seconds (default: 6 hours)" + description: "Role duration in seconds (default: 6 hours, 1 hour for OIDC/specified aws-session-token)" required: false role-session-name: description: 'Role session name (default: GitHubActions)'
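Review bot: In the README.md hunk, the two default-duration sentences can both match the same configuration: the 1 hour case now covers "when an `aws-session-token` is directly provided", while the 6 hours case is still described only as providing an `aws-access-key-id`, `aws-secret-access-key`, and a `role-to-assume`. A workflow that passes all of those plus an `aws-session-token` fits both. Consider qualifying the 6 hours sentence so it applies only when no `aws-session-token` is given. The paragraph also names `web-identity-token-file` in its first sentence but never says which default applies to that path, so that is worth stating here too. Minor style point: the added 6 hours line keeps the stray space before the period in "`role-to-assume`) .".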
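Review bot: In the action.yml hunk, the new `role-duration-seconds` description "default: 6 hours, 1 hour for OIDC/specified aws-session-token" does not say when the 6 hour default applies, and the slash shorthand is hard to parse in the rendered input documentation. Since most users see this string rather than the README, consider mirroring the README wording, for example: 6 hours when assuming a role with IAM user credentials, 1 hour when using OIDC or when an aws-session-token is provided. It would also help to repeat that the value cannot exceed the maximum session duration defined on the IAM Role, which the README paragraph already states.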