How can I prevent the AWS console from signing out?

1

My AWS main console is automatically signed out about every 24 hours. Then I have to sign back in and have to go through the security check screen again. It only takes a few seconds but it's annoying to do so every day. How can I turn this off? I keep my computer on 24/7 and don't even close my browser, so I shouldn't have to sign on every day. Usually with other platforms you only need to go through security check (enter those letters and numbers combo) when you log on from a different address for the first time. Our business only runs simple EC2 instances and doesn't need high-level security measures. Please advise, thanks!

asked 2 years ago · 5249 views
3 Answers
0

If you are using the console and IAM credentials: For security purposes, a login session will expire 12 hours after you sign in to the AWS Management Console with your AWS or IAM account credentials. To resume your work after the session expires, choose Click login to continue and log in again. The duration of federated sessions varies depending on the federation API (GetFederationToken or AssumeRole) and the administrator’s preference. Please go to our Security Blog to learn more about building a secure delegation solution to grant temporary access to your AWS account.

If you opt to use SAML: then you can restrict it to as low as 15 minutes to as high as 36 hours. Create a URL that Enables Federated Users to Access the AWS Management Console: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

AWS
answered 2 years ago
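Added example, not part of the answer above and not AWS's own code: the two URLs that the linked "custom URL" procedure builds against the sign-in federation endpoint, with the SessionDuration parameter validated before any request is made. It assumes the temporary credentials come from AssumeRole, for which the documented SessionDuration range is 900 to 43200 seconds; the function names, the issuer URL and the sample credential values are constructed for illustration.

```python
import json
from urllib.parse import urlencode

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
MIN_SESSION_SECONDS = 900     # 15 minutes
MAX_SESSION_SECONDS = 43200   # 12 hours, the cap for AssumeRole-based sessions


def signin_token_url(creds: dict, session_duration: int) -> str:
    """Step 1: URL that exchanges temporary credentials for a sign-in token."""
    if not MIN_SESSION_SECONDS <= session_duration <= MAX_SESSION_SECONDS:
        raise ValueError(
            f"SessionDuration must be {MIN_SESSION_SECONDS}-{MAX_SESSION_SECONDS} s, "
            f"got {session_duration}"
        )
    missing = {"AccessKeyId", "SecretAccessKey", "SessionToken"} - creds.keys()
    if missing:
        raise ValueError(f"not temporary credentials, missing: {sorted(missing)}")
    session = json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })
    # This URL carries the secret key: fetch it server-side, never log or share it.
    return FEDERATION_ENDPOINT + "?" + urlencode({
        "Action": "getSigninToken",
        "SessionDuration": session_duration,
        "Session": session,
    })


def console_login_url(signin_token: str, issuer: str,
                      destination: str = "https://console.aws.amazon.com/") -> str:
    """Step 2: URL handed to the user's browser."""
    return FEDERATION_ENDPOINT + "?" + urlencode({
        "Action": "login",
        "Issuer": issuer,
        "Destination": destination,
        "SigninToken": signin_token,
    })


# Constructed sample values, shaped like the Credentials block of an AssumeRole response.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEKEYID",
    "SecretAccessKey": "constructed-secret",
    "SessionToken": "constructed-session-token",
}

if __name__ == "__main__":
    print(signin_token_url(SAMPLE_CREDS, 8 * 3600))
    print(console_login_url("TOKEN-FROM-STEP-1", "https://idp.example.com"))
```
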
0

I'd argue that re-authenticating once a day (or every 12 hours here) is not "high level security measures", and should be considered as a baseline. Almost by any standard, the recommendation is not to keep a session alive more than that regardless of activity, for obvious security reasons (e.g., see 4.2.3 of the NIST digital identity guidelines). So, even if it was possible, I highly recommend not having a session timeout greater than 12 hours.

AWS
EXPERT
answered 2 years ago
  • NIST digital identity guidelines have a target audience of "federal systems" (as stated on that page), where "high level security measures" would in fact apply. AWS could offer an option to customize session duration, as 12 hours is insufficient even for a single business day, including when dealing with shared terminals. Azure, IBM, Google, and Cloudflare offer an option to "stay logged in", which terminates the session using other heuristics instead of the rudimentary timeout. Either solution would be appropriate for non-"federal systems" (aka almost every AWS customer).

0

12 hours is the maximum session duration.

For AWS console, mentioned in https://aws.amazon.com/console/features/

The AWS Management Console gives you secure login using your AWS or IAM account credentials. For added security, your login session automatically expires after 12 hours.

For SSO or IAM Identity Center, mentioned in https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

When you create a new permission set, the session duration is set to 1 hour (in seconds) by default. The minimum session duration is 1 hour, and can be set to a maximum of 12 hours.

answered a month ago
