From 7b493cbfde139aa48722f9788df24300adf62acb Mon Sep 17 00:00:00 2001
From: Andrew Williams <andrew.williams@portwest.com>
Date: Fri, 14 Nov 2025 09:20:34 +0000
Subject: [PATCH] [shell-common] Add AWS credentials check

---
 shell-common/.config/shell-common/aws.sh | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/shell-common/.config/shell-common/aws.sh b/shell-common/.config/shell-common/aws.sh
index 7a21d0e..2417a5c 100644
--- a/shell-common/.config/shell-common/aws.sh
+++ b/shell-common/.config/shell-common/aws.sh
@@ -71,10 +71,36 @@ function awslogout() {
     unset AWS_ACCESS_KEY_ID
     unset AWS_SECRET_ACCESS_KEY
     unset AWS_SESSION_TOKEN
+    unset AWS_CREDENTIAL_EXPIRATION
     export AWS_PROFILE_DISPLAY=""
     echo "AWS profile and credentials cleared."
 }
 
+function check_aws_expiration() {
+    if [[ -n "$AWS_CREDENTIAL_EXPIRATION" ]]; then
+        local expiration_epoch
+        local current_epoch
+
+        # Convert expiration time to epoch (handles ISO 8601 format)
+        if command -v gdate &> /dev/null; then
+            # macOS with GNU coreutils installed
+            expiration_epoch=$(gdate -d "$AWS_CREDENTIAL_EXPIRATION" +%s 2>/dev/null)
+            current_epoch=$(gdate +%s)
+        else
+            # macOS with BSD date
+            expiration_epoch=$(date -j -f "%Y-%m-%dT%H:%M:%S%z" "$AWS_CREDENTIAL_EXPIRATION" +%s 2>/dev/null)
+            current_epoch=$(date +%s)
+        fi
+
+        if [[ $? -eq 0 && -n "$expiration_epoch" ]]; then
+            if [[ $current_epoch -ge $expiration_epoch ]]; then
+                echo "AWS credentials have expired. Logging out..."
+                awslogout
+            fi
+        fi
+    fi
+}
+
 # easy access to SSH
 function awsssh() {
     local profile=""