An OpenCode plugin that automatically detects AWS authentication errors and refreshes credentials via aws sso login.
Add to your opencode.json:
{
"plugin": ["@devtheops/opencode-plugin-aws-auth-refresh"]
}Place in .opencode/plugins/aws-auth-refresh.ts or ~/.config/opencode/plugins/.
OpenCode plugin entries can be either a string or a [pluginName, options] tuple. To pass options to this plugin, use the tuple form:
{
"plugin": [
[
"@devtheops/opencode-plugin-aws-auth-refresh",
{
"profile": "my-aws-profile",
"autoRetry": true,
"maxRetries": 1,
"ssoLoginCommand": "aws sso login --profile my-aws-profile --no-browser"
}
]
]
}If you do not need any plugin-specific options, use the string form instead:
{
"plugin": ["@devtheops/opencode-plugin-aws-auth-refresh"]
}If you prefer not to set profile in config, the plugin falls back to AWS_PROFILE, then to default.
| Option | Type | Default | Description |
|---|---|---|---|
profile |
string |
AWS_PROFILE env or "default" |
AWS profile to use |
autoRetry |
boolean |
true |
Automatically retry the failed command after refresh |
maxRetries |
number |
1 |
Maximum number of retry attempts |
ssoLoginCommand |
string |
aws sso login --profile <profile> |
Custom SSO login command |
- Hooks into
tool.execute.afterto inspect tool outputs - Detects AWS authentication error patterns:
ExpiredTokenTokenRefreshRequiredThe security token included in the request is expiredUnable to locate credentials- And more...
- Runs
aws sso loginwith your configured profile - Optionally retries the failed command
ExpiredTokenTokenRefreshRequiredThe security token included in the request is expiredcredentials expiredUnable to locate credentialsMissing credentialscredentials could not be foundError retrieving credentialsEC2MetadataServiceError
- AWS CLI v2 installed
- Valid SSO configuration in
~/.aws/config
[aws-auth-refresh] AWS credentials expired, running: aws sso login --profile default
[aws-auth-refresh] AWS credentials refreshed successfully
[aws-auth-refresh] Retrying tool after credential refresh