Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How can I prevent aws console from signing out?

1

My aws main console is automatically signed out about every 24 hours. Then I have to sign back in and have to go through the security check screen again. It only takes a few seconds but it's annoying to do so everyday. How can I turn this off? I keep my computer on 24/7 and don't even close my browser, so I shouldn't have to sign on every day. Usually with other platforms you only need to go through security check (enter those letters and numbers combo) when you log on from a different address for the first time. Our business only run simple EC2 instances and doesn't need high level security measures. Please advise, thanks!

Temas
Gestión y gobierno
Etiquetas
AWS Account Management
Idioma
English
AWS-User-0781592
preguntada hace 2 años5073 visualizaciones
3 Respuestas
0

If you are using the console and IAM credentials: For security purposes, a login session will expire 12 hours after you sign in to the AWS Management Console with your AWS or IAM account credentials. To resume your work after the session expires, choose Click login to continue and log in again. The duration of federated sessions varies depending on the federation API (GetFederationToken or AssumeRole) and the administrator’s preference. Please go to our Security Blog to learn more about building a secure delegation solution to grant temporary access to your AWS account.

If you opt to use SAML: then you can restrict it to as low as 15 minutes to as high as 36 hours. Create a URL that Enables Federated Users to Access the AWS Management Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

AWS
AWS-User-2213811
respondido hace 2 años
0

I'd argue that re-authenticating once a day (or every 12-hour here) is not "high level security measures", and should be considered as a baseline. Almost by any standard, the recommendation is not to keep a session alive more that that regardless of activity, for obvious security reasons. (e.g. see 4.2.3 of the NIST digital identity guidelines) So, even if it was possible, I highly recommend not having a session time out greater than 12 hours.

AWS
EXPERTO
Faraz_AWS
respondido hace 2 años
  • rePost-User-6613293
    hace un año

    NIST digital identity guidelines have a target audience of "federal systems" (as stated on that page), where "high level security measures" would in fact apply. AWS could offer an option to customize session duration, as 12 hours is insufficient even for a single business day, including when dealing with shared terminals. Azure, IBM, Google, and Cloudflare offer an option to "stay logged in", which terminates the session using other heuristics instead of the rudimentary timeout. Either solution would be appropriate for non-"federal systems" (aka almost every AWS customer).

0

12-hour is the maximum session duration.

For AWS console, mentioned in https://aws.amazon.com/console/features/

The AWS Management Console gives you secure login using your AWS or IAM account credentials. For added security, your login session automatically expires after 12 hours.

For SSO or IAM Identity Center, mentioned in https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

When you create a new permission set, the session duration is set to 1 hour (in seconds) by default. The minimum session duration is 1 hour, and can be set to a maximum of 12 hours.

respondido hace 7 días

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante