This contradicts with https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html which says the default is 1 hour but it is possible to increase the limit to up to 12 hours, as long as the assumed role allows it. The duration can be specified in AWS CLI and AWS API calls, however the AWS Console does not support changing the duration, so it defaults to 1 hour.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
The above mentioned STS docs do state 1 hour for chained roles:
Role chaining limits your AWS CLI or AWS API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
Relevant content
- asked 2 years ago
- Accepted Answerasked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 9 days ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago