- 最新
- 投票最多
- 评论最多
Hey there,
Individual sessions on an IAM Role cannot be revoked. The option here is a broad stroke in which you revoke all sessions which were initiated at, and prior to, a fixed point in time. What that 'revoke session' option does in the UI is modify your IAM Role in question with an IAM Policy that revokes any session initiated prior to whatever time you set it to.
Can this same functionality be done via the CLI? Indeed it can, you simply add a policy (Customer Managed or Inline) to the role, which contains a revocation statement. This document gives an example of the IAM Policy that I'm referring to, and I've provided it below, too.
To clarify - In order to achieve the same end-goal via the CLI as you would through the GUI, you must manually add a revocation policy to the role. There is no API such as 'RevokeSession'.
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {"DateLessThan": {"aws:TokenIssueTime": "2014-05-07T23:47:00Z"}}
}
}
Hi, Good Question
You can go to the role that was assumed in IAM and click on Revoke sessions
More info at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html
Please accept the answer if this works for you or let me know so that I can further look into this
Cheers Sri
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 1 年前
Thank you for the answer, but is there AWS CLI way to revoke sessions?