By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Force use of `--duration-seconds 900` for `sts` commands `get-session-token` and `assume-role`.

0

Hi,

So i need to make sure, that any sessions created are not longer than 15 mins. As far as i understood it is possible to "request" a 15 min session access keys using sts, but, is there a policy to force the user to provide this --duration-seconds 900?

Joann

Topics
Security, Identity, & Compliance
Tags
Security, Identity, & ComplianceAWS Identity and Access ManagementIAM Policies
Language
English
Joann Babak
asked a year ago666 views
1 Answer
1
Accepted Answer

There is currently no way to force this for an assume-role call.

You can set the maximum session duration for a role, but not lower than 1h.

There is no IAM condition key that allows you to force this either

--max-session-duration (integer)

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.

EXPERT
Ben Bridts
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content