v.23.3 Improvement

Add Expiration Window for S3 Credentials to Prevent ExpiredToken Errors

Add an expiration window for S3 credentials that have an expiration time to avoid ExpiredToken errors in some edge cases. It can be controlled with the expiration_window_seconds config; the default is 120 seconds. #47423 (Antonio Andelic).
Added an expiration window for S3 credentials with expiration times to prevent ExpiredToken errors in certain edge cases.

Why it matters

This feature addresses cases where S3 credentials were treated as valid right up to their expiration time, so a request made close to that moment could fail with an ExpiredToken error. With an expiration window, ClickHouse refreshes the credentials earlier, improving stability and reducing authentication failures when accessing S3.

How to use it

Users can control this behavior with the expiration_window_seconds configuration parameter. The default value is 120 seconds, meaning ClickHouse will consider credentials expired 2 minutes before their actual expiration time to avoid token errors. To apply, set expiration_window_seconds in the S3 configuration section.
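
The effect of the window can be seen in a small simulation. This is an added example, not ClickHouse code: the provider class, the simulated clock, the one-hour token lifetime and the 5-second request latency are all assumptions chosen to illustrate one possible edge case (a token that expires while the request is in flight).

```python
from dataclasses import dataclass

@dataclass
class Credentials:
    token: str
    expires_at: float  # seconds on the simulated clock

class CachedProvider:
    """Hypothetical credential cache that refreshes inside the expiration window."""
    def __init__(self, fetch, clock, expiration_window_seconds=120):
        self.fetch = fetch
        self.clock = clock
        self.window = expiration_window_seconds
        self.cached = None
        self.refreshes = 0

    def get(self):
        now = self.clock()
        # Treat credentials as expired `window` seconds before the real expiry.
        if self.cached is None or now >= self.cached.expires_at - self.window:
            self.cached = self.fetch(now)
            self.refreshes += 1
        return self.cached

def simulate(window, request_times, ttl=3600, latency=5):
    """Return (ExpiredToken failures, credential fetches) for a request schedule."""
    now = [0.0]
    issued = [0]

    def fetch(t):
        issued[0] += 1
        return Credentials(f"token-{issued[0]}", t + ttl)

    provider = CachedProvider(fetch, lambda: now[0], window)
    failures = 0
    for t in request_times:
        now[0] = t
        creds = provider.get()
        # Assumption: the storage side checks the token when the request
        # arrives, `latency` seconds after the client picked the credentials.
        if t + latency >= creds.expires_at:
            failures += 1
    return failures, provider.refreshes

# Constructed schedule: the third request starts 3 seconds before expiry.
REQUESTS = [0, 1800, 3597, 3700]

if __name__ == "__main__":
    print("window=0  :", simulate(0, REQUESTS))
    print("window=120:", simulate(120, REQUESTS))
```

Both runs fetch credentials the same number of times; the window only moves the refresh ahead of the request that would otherwise carry a token about to expire.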