You can revoke the session permissions from a role by following the below document.
Hi there,
Yes, there is a way to revoke the AWS session token remotely in case the edge device gets compromised. You can use the AWS STS API to revoke the session token. The following steps show how to do this:
1. Go to the AWS Management Console and sign in to your account.
2. Click on the Services tab and select IAM.
3. In the Users section, click on the name of the user whose session token you want to revoke.
4. On the user's details page, scroll down to the Session Credentials section.
5. Click on the Revoke Session Token button.
6. In the confirmation dialog box, click on the Revoke button.

The AWS STS API will revoke the session token and the edge device will no longer be able to access AWS resources using that token.
Here is the AWS STS API command to revoke the session token:
aws sts revoke-session-token --session-token <session_token>
Replace <session_token> with the actual session token.
You can also use the AWS CLI to revoke the session token. The following command shows how to do this:
aws sts revoke-session-token --session-token <session_token>
Replace <session_token> with the actual session token.
Once you have revoked the session token, the edge device will no longer be able to access AWS resources using that token. You can then re-install the edge device and create a new session token.
OK, thanks. I tried looking for a way to do this. But the problem is that the session token is not connected to a user, but to an assumed role. Under the role in IAM I cannot see the generated tokens and thus cannot revoke them.
Follow that post https://repost.aws/questions/QUWnFu8OxhSNulq-Vu70bAcQ/aws-cli-sts-logout and delete credentials. Another thing you could do is reduce the time of the activation role, and maybe for the user that is using that permission you could disable that capability with a deny all.
Thanks. Yes, I saw this, but this is for all assumed roles after a given time. This might be the only solution, but I was hoping for a way to revoke a single session for a single compromised device.
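The time-based revocation discussed in this thread is a deny statement on the role conditioned on `aws:TokenIssueTime`. The sketch below is an added example, not code from any poster or from AWS: it builds that policy and a variant narrowed to a single session through `aws:userid`, with a small local evaluator to show which sessions each one blocks. It assumes every device assumes the role with its own unique role session name; the role ID, session names and timestamps are constructed.

```python
import json
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"

def revoke_older_sessions(cutoff):
    """Deny every action to sessions of the role issued before `cutoff`."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Action": "*", "Resource": "*",
        "Condition": {"DateLessThan": {
            "aws:TokenIssueTime": cutoff.astimezone(timezone.utc).strftime(FMT)}},
    }]}

def revoke_one_session(role_id, session_name, cutoff):
    """Same deny, narrowed to one session via aws:userid (role-id:session-name)."""
    policy = revoke_older_sessions(cutoff)
    policy["Statement"][0]["Condition"]["StringEquals"] = {
        "aws:userid": f"{role_id}:{session_name}"}
    return policy

def is_denied(policy, ctx):
    """Tiny evaluator for the two operators used here; a missing key never matches."""
    for stmt in policy["Statement"]:
        matched = stmt["Effect"] == "Deny"
        for op, pairs in stmt.get("Condition", {}).items():
            for key, want in pairs.items():
                have = ctx.get(key)
                if have is None:
                    matched = False
                elif op == "DateLessThan":
                    matched &= datetime.strptime(have, FMT) < datetime.strptime(want, FMT)
                elif op == "StringEquals":
                    matched &= have == want
        if matched:
            return True
    return False

# Constructed sample values (not from the thread).
ROLE_ID = "AROAEXAMPLEROLEID"
CUTOFF = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(json.dumps(revoke_one_session(ROLE_ID, "device-0042", CUTOFF), indent=2))
```

The generated document can be attached to the role as an inline policy with `aws iam put-role-policy`. Because the condition keys are ANDed, the same device can obtain a working session again after the cutoff under the same session name.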