An OpenCode plugin that automatically detects AWS authentication errors and refreshes credentials via aws sso login.
Add to your opencode.json:
{
"plugin": ["@devtheops/opencode-plugin-aws-auth-refresh"]
}Place in .opencode/plugins/aws-auth-refresh.ts or ~/.config/opencode/plugins/.
Configure in your opencode.json:
{
"plugin": [
["@devtheops/opencode-plugin-aws-auth-refresh", {
"profile": "my-aws-profile",
"autoRetry": true,
"maxRetries": 1,
"ssoLoginCommand": "aws sso login --profile my-profile --no-browser"
}]
]
}| Option | Type | Default | Description |
|---|---|---|---|
profile |
string |
AWS_PROFILE env or "default" |
AWS profile to use |
autoRetry |
boolean |
true |
Automatically retry the failed command after refresh |
maxRetries |
number |
1 |
Maximum number of retry attempts |
ssoLoginCommand |
string |
aws sso login --profile <profile> |
Custom SSO login command |
- Hooks into
tool.execute.afterto inspect tool outputs - Detects AWS authentication error patterns:
ExpiredTokenTokenRefreshRequiredThe security token included in the request is expiredUnable to locate credentials- And more...
- Runs
aws sso loginwith your configured profile - Optionally retries the failed command
ExpiredTokenTokenRefreshRequiredThe security token included in the request is expiredcredentials expiredUnable to locate credentialsMissing credentialscredentials could not be foundError retrieving credentialsEC2MetadataServiceError
- AWS CLI v2 installed
- Valid SSO configuration in
~/.aws/config
[aws-auth-refresh] AWS credentials expired, running: aws sso login --profile default
[aws-auth-refresh] AWS credentials refreshed successfully
[aws-auth-refresh] Retrying tool after credential refresh