By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How can I prevent aws console from signing out?

1

My aws main console is automatically signed out about every 24 hours. Then I have to sign back in and have to go through the security check screen again. It only takes a few seconds but it's annoying to do so everyday. How can I turn this off? I keep my computer on 24/7 and don't even close my browser, so I shouldn't have to sign on every day. Usually with other platforms you only need to go through security check (enter those letters and numbers combo) when you log on from a different address for the first time. Our business only run simple EC2 instances and doesn't need high level security measures. Please advise, thanks!

Topics
Management & Governance
Tags
AWS Account Management
Language
English
AWS-User-0781592
asked 2 years ago4983 views
2 Answers
0

If you are using the console and IAM credentials: For security purposes, a login session will expire 12 hours after you sign in to the AWS Management Console with your AWS or IAM account credentials. To resume your work after the session expires, choose Click login to continue and log in again. The duration of federated sessions varies depending on the federation API (GetFederationToken or AssumeRole) and the administrator’s preference. Please go to our Security Blog to learn more about building a secure delegation solution to grant temporary access to your AWS account.

If you opt to use SAML: then you can restrict it to as low as 15 minutes to as high as 36 hours. Create a URL that Enables Federated Users to Access the AWS Management Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

AWS
AWS-User-2213811
answered 2 years ago
0

I'd argue that re-authenticating once a day (or every 12-hour here) is not "high level security measures", and should be considered as a baseline. Almost by any standard, the recommendation is not to keep a session alive more that that regardless of activity, for obvious security reasons. (e.g. see 4.2.3 of the NIST digital identity guidelines) So, even if it was possible, I highly recommend not having a session time out greater than 12 hours.

AWS
EXPERT
Faraz_AWS
answered 2 years ago
  • rePost-User-6613293
    a year ago

    NIST digital identity guidelines have a target audience of "federal systems" (as stated on that page), where "high level security measures" would in fact apply. AWS could offer an option to customize session duration, as 12 hours is insufficient even for a single business day, including when dealing with shared terminals. Azure, IBM, Google, and Cloudflare offer an option to "stay logged in", which terminates the session using other heuristics instead of the rudimentary timeout. Either solution would be appropriate for non-"federal systems" (aka almost every AWS customer).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content