CloudTrail log event for Identity Center user sign-out?

0

Hi all

I want to compute Identity Center user inactive time (time after the latest sign-out). Is there a CloudTrail log event for Identity Center user sign-out? I can see the events for sign-in - https://docs.aws.amazon.com/singlesignon/latest/userguide/sign-in-events-examples.html - but not for sign-out.

Thanks.

asked 2 months ago · 51 views
1 Answer
0

There isn't a specific CloudTrail log event for IAM Identity Center user sign-out. The sign-out process in IAM Identity Center doesn't generate a dedicated CloudTrail event like sign-in does.

However, you can track user activity and session information in other ways:

  1. IAM Identity Center maintains two types of sessions: sign-in sessions and application sessions. Sign-in sessions can last up to 90 days, while application sessions have a 1-hour lifetime and are automatically refreshed.

  2. When a user signs out or their session is revoked, all application sessions terminate. This termination happens within 30 minutes in most cases, though it can take up to an hour in some situations, such as during service disruptions.

  3. For AWS account access through IAM Identity Center, sessions can persist for up to 12 hours based on the configured IAM role session duration in the permission set.

  4. To track user activity within the same session, IAM Identity Center emits a 'credentialId' field in CloudTrail events for user actions in the AWS access portal or when using the AWS CLI. This field contains the AWS access portal session ID for a user, which can help you track user actions during their session.

  5. You can monitor the 'UserAuthentication' event in CloudTrail, which is logged when all authentication requirements have been completed and the user has been signed in. This event includes a 'LoginTo' field that specifies the redirect location following a successful sign-in sequence.

While these methods don't provide a direct sign-out event, they can help you infer user activity and session status. To compute user inactive time, you might need to combine this information with other logs or implement additional tracking mechanisms within your applications.

Sources
Authentication in IAM Identity Center - AWS IAM Identity Center
Important changes to CloudTrail events for AWS IAM Identity Center | AWS Security Blog
Understanding IAM Identity Center sign-in events - AWS IAM Identity Center

answered 2 months ago
EXPERT reviewed 2 months ago
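As an added example (not code from the thread or from AWS), here is one way to turn the events the answer describes into an inactivity figure: take the most recent CloudTrail event per user, treating UserAuthentication as the start of a sign-in session and any later event carrying credentialId as activity inside that access-portal session, and measure idle time from there. The sample records are constructed, and the placement of userName and credentialId under userIdentity is an assumption to adjust to your own logs.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, not real CloudTrail output. Where userName and
# credentialId sit inside the record is an assumption; map your own fields here.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T08:00:00Z", "eventName": "UserAuthentication",
     "userIdentity": {"userName": "alice"},
     "serviceEventDetails": {"LoginTo": "https://d-example.awsapps.com/start"}},
    {"eventTime": "2024-05-01T09:30:00Z", "eventName": "Federate",
     "userIdentity": {"userName": "alice", "credentialId": "session-alice-1"}},
    {"eventTime": "2024-05-01T10:15:00Z", "eventName": "ListApplications",
     "userIdentity": {"userName": "alice", "credentialId": "session-alice-1"}},
    {"eventTime": "2024-05-02T07:00:00Z", "eventName": "UserAuthentication",
     "userIdentity": {"userName": "bob"},
     "serviceEventDetails": {"LoginTo": "https://d-example.awsapps.com/start"}},
]

def parse_time(ts):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def last_activity(events):
    """Most recent event per user: {userName: (time, eventName, credentialId)}.
    UserAuthentication marks the start of a sign-in session; later events that
    carry credentialId are actions taken within that access-portal session."""
    latest = {}
    for ev in events:
        ident = ev.get("userIdentity", {})
        user = ident.get("userName")
        if not user:
            continue
        t = parse_time(ev["eventTime"])
        if user not in latest or t > latest[user][0]:
            latest[user] = (t, ev["eventName"], ident.get("credentialId"))
    return latest

def inactive_seconds(events, now):
    """Seconds since each user's last observed action. With no sign-out event,
    this is a lower bound on idle time, not the time since sign-out."""
    if isinstance(now, str):
        now = parse_time(now)
    return {u: (now - t).total_seconds() for u, (t, _, _) in last_activity(events).items()}

def stale_users(events, now, max_idle=timedelta(hours=1)):
    """Users idle longer than max_idle. Application sessions last 1 hour and
    refresh with use, so an idle hour suggests those sessions have lapsed."""
    return sorted(u for u, s in inactive_seconds(events, now).items()
                  if s > max_idle.total_seconds())
```

Point the same functions at records pulled from CloudTrail Lake or an S3 trail export, filtered to eventSource sso.amazonaws.com, to get per-user idle times over a real window.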
