En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How can I prevent aws console from signing out?

1

My aws main console is automatically signed out about every 24 hours. Then I have to sign back in and have to go through the security check screen again. It only takes a few seconds but it's annoying to do so everyday. How can I turn this off? I keep my computer on 24/7 and don't even close my browser, so I shouldn't have to sign on every day. Usually with other platforms you only need to go through security check (enter those letters and numbers combo) when you log on from a different address for the first time. Our business only run simple EC2 instances and doesn't need high level security measures. Please advise, thanks!

Sujets
Gestion et gouvernance
Balises
AWS Account Management
Langue
English
AWS-User-0781592
demandé il y a 2 ans5073 vues
3 réponses
0

If you are using the console and IAM credentials: For security purposes, a login session will expire 12 hours after you sign in to the AWS Management Console with your AWS or IAM account credentials. To resume your work after the session expires, choose Click login to continue and log in again. The duration of federated sessions varies depending on the federation API (GetFederationToken or AssumeRole) and the administrator’s preference. Please go to our Security Blog to learn more about building a secure delegation solution to grant temporary access to your AWS account.

If you opt to use SAML: then you can restrict it to as low as 15 minutes to as high as 36 hours. Create a URL that Enables Federated Users to Access the AWS Management Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

AWS
AWS-User-2213811
répondu il y a 2 ans
0

I'd argue that re-authenticating once a day (or every 12-hour here) is not "high level security measures", and should be considered as a baseline. Almost by any standard, the recommendation is not to keep a session alive more that that regardless of activity, for obvious security reasons. (e.g. see 4.2.3 of the NIST digital identity guidelines) So, even if it was possible, I highly recommend not having a session time out greater than 12 hours.

AWS
EXPERT
Faraz_AWS
répondu il y a 2 ans
  • rePost-User-6613293
    il y a un an

    NIST digital identity guidelines have a target audience of "federal systems" (as stated on that page), where "high level security measures" would in fact apply. AWS could offer an option to customize session duration, as 12 hours is insufficient even for a single business day, including when dealing with shared terminals. Azure, IBM, Google, and Cloudflare offer an option to "stay logged in", which terminates the session using other heuristics instead of the rudimentary timeout. Either solution would be appropriate for non-"federal systems" (aka almost every AWS customer).

0

12-hour is the maximum session duration.

For AWS console, mentioned in https://aws.amazon.com/console/features/

The AWS Management Console gives you secure login using your AWS or IAM account credentials. For added security, your login session automatically expires after 12 hours.

For SSO or IAM Identity Center, mentioned in https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

When you create a new permission set, the session duration is set to 1 hour (in seconds) by default. The minimum session duration is 1 hour, and can be set to a maximum of 12 hours.

répondu il y a 8 jours

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents