This topic describes how to use the Resource Access Management (RAM) console or API to specify the maximum session duration for a RAM role. If you set the maximum session duration for a RAM role to a large value, RAM users can assume the RAM role to complete time-consuming tasks. If the RAM users call a Security Token Service (STS) operation to assume the RAM role, the STS tokens that are returned have a long validity period.
Background information
- Valid values of the maximum session duration for a RAM role: 3600 to 43200. Unit: seconds. Default value of the maximum session duration: 3600. Unit: seconds.
- The maximum session duration is not configurable for service-linked roles.
Use the RAM console to specify the maximum session duration for a RAM role
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, click the name of a specific RAM role.
- In the Basic Information section, click Edit to the right of Maximum Session Duration.
- In the dialog box that appears, change the maximum session duration and click OK.
Use the API to specify the maximum session duration for a RAM role
When you call the CreateRole or UpdateRole operation, you can configure the MaxSessionDuration or NewMaxSessionDuration parameter to specify the duration. For more information, see CreateRole and UpdateRole.