All Products
Search
Document Center

Resource Access Management:Specify the maximum session duration for a RAM role

Last Updated:Jul 09, 2024

This topic describes how to use the Resource Access Management (RAM) console or API to specify the maximum session duration for a RAM role. If you set the maximum session duration for a RAM role to a large value, RAM users can assume the RAM role to complete time-consuming tasks. If the RAM users call a Security Token Service (STS) operation to assume the RAM role, the STS tokens that are returned have a long validity period.

Limits

  • Valid values of the maximum session duration for a RAM role: 3600 seconds (1 hour) to 43200 seconds (12 hours). Default value: 3600 seconds (1 hour).

  • The maximum session duration is not configurable for service-linked roles.

Use the RAM console to specify the maximum session duration for a RAM role

  1. Log on to the RAM console as a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, click the name of the RAM role that you created.

  4. In the Basic Information section, click Edit to the right of Max Session Duration.

  5. In the Edit Max Session Duration dialog box, enter the maximum session duration and click OK.

Use the API to specify the maximum session duration for a RAM role

  • When you call the CreateRole operation, configure the MaxSessionDuration parameter to specify the maximum session duration. For more information, see MaxSessionDuration.

  • When you call the UpdateRole operation, configure the NewMaxSessionDuration parameter to change the maximum session duration. For more information, see NewMaxSessionDuration.

What to do next

After you specify the maximum session duration for a RAM role, you can log on to the RAM console and switch the logon identity to the RAM role or call an STS operation to assume the RAM role. You can also use the RAM role for role-based single sign-on (SSO). For more information, see the following topics:

References

How do I modify the validity period of a logon session or an STS token?