By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to give users a limited access time to a web app running on ECS/EC2

0

I'm quite new at AWS and use mostly the console to build my project.

I have placed a containerized Streamlit web app in an AWS EC2/ECS instance beyond an ALB (https listener with session timeout 3960 secs.) and let users access it through Cognito authentication with Authorization code grant. Everything works fine, users are allowed to the app.

Now, I would like users to be authomatically logged out after 60 minutes and redirected to the signout URL.

I've set the refresh token expiration at 60 min., the access token and ID token expiration at 5 min. However, the backend continues delivering data to logged in users even after 60 minutes, so my idea doesn't work.

Then, I've implemented a Lambda function with admin_user_global_sign_out but it doesn't work either: users do still get data from the backend.

I'm wondering what I shall do and looking for a solution that I can implement using the AWS console so that the procedure is clear to me.

Thank you for any help.

Topics
ComputeSecurity, Identity, & ComplianceContainersDevOps
Tags
Amazon EC2Amazon CognitoAmazon Elastic Container ServiceDevOpsApplication Load Balancer
Language
English
AWS-User-7570055
asked 2 years ago390 views
1 Answer
0

The app running behind AWS ALB should be validating the Tokens to ensure proper auth to your app. If the refreshToken is set to 60 mins, then at 61 mins the user should be logged out. Can you confirm the duration to which the users are maintaining access and that the ABL is leveraging Cognito for Auth rather than a custom redirect to your app behind ALB?

AWS
JMWare
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content