AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

How can I prevent aws console from signing out?

1

My aws main console is automatically signed out about every 24 hours. Then I have to sign back in and have to go through the security check screen again. It only takes a few seconds but it's annoying to do so everyday. How can I turn this off? I keep my computer on 24/7 and don't even close my browser, so I shouldn't have to sign on every day. Usually with other platforms you only need to go through security check (enter those letters and numbers combo) when you log on from a different address for the first time. Our business only run simple EC2 instances and doesn't need high level security measures. Please advise, thanks!

주제
관리 및 거버넌스
태그
AWS 계정 관리
언어
English
AWS-User-0781592
질문됨 2년 전5073회 조회
3개 답변
0

If you are using the console and IAM credentials: For security purposes, a login session will expire 12 hours after you sign in to the AWS Management Console with your AWS or IAM account credentials. To resume your work after the session expires, choose Click login to continue and log in again. The duration of federated sessions varies depending on the federation API (GetFederationToken or AssumeRole) and the administrator’s preference. Please go to our Security Blog to learn more about building a secure delegation solution to grant temporary access to your AWS account.

If you opt to use SAML: then you can restrict it to as low as 15 minutes to as high as 36 hours. Create a URL that Enables Federated Users to Access the AWS Management Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

AWS
AWS-User-2213811
답변함 2년 전
0

I'd argue that re-authenticating once a day (or every 12-hour here) is not "high level security measures", and should be considered as a baseline. Almost by any standard, the recommendation is not to keep a session alive more that that regardless of activity, for obvious security reasons. (e.g. see 4.2.3 of the NIST digital identity guidelines) So, even if it was possible, I highly recommend not having a session time out greater than 12 hours.

AWS
전문가
Faraz_AWS
답변함 2년 전
  • rePost-User-6613293
    일 년 전

    NIST digital identity guidelines have a target audience of "federal systems" (as stated on that page), where "high level security measures" would in fact apply. AWS could offer an option to customize session duration, as 12 hours is insufficient even for a single business day, including when dealing with shared terminals. Azure, IBM, Google, and Cloudflare offer an option to "stay logged in", which terminates the session using other heuristics instead of the rudimentary timeout. Either solution would be appropriate for non-"federal systems" (aka almost every AWS customer).

0

12-hour is the maximum session duration.

For AWS console, mentioned in https://aws.amazon.com/console/features/

The AWS Management Console gives you secure login using your AWS or IAM account credentials. For added security, your login session automatically expires after 12 hours.

For SSO or IAM Identity Center, mentioned in https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

When you create a new permission set, the session duration is set to 1 hour (in seconds) by default. The minimum session duration is 1 hour, and can be set to a maximum of 12 hours.

답변함 7일 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠