This topic describes how to use the Resource Access Management (RAM) console or API to specify the maximum session duration for a RAM role. If you set the maximum session duration for a RAM role to a large value, RAM users can assume the RAM role to complete time-consuming tasks. If the RAM users call a Security Token Service (STS) operation to assume the RAM role, the STS tokens that are returned have a long validity period.

Background information

  • Valid values of the maximum session duration for a RAM role: 3600 to 43200 seconds. Default value: 3600 seconds.
  • The maximum session duration is not configurable for service-linked roles.

Use the RAM console to specify the maximum session duration for a RAM role

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Roles.
  3. On the Roles page, click the name of a specific RAM role.
  4. In the Basic Information section, click Edit to the right of Maximum Session Duration.
  5. In the dialog box that appears, change the maximum session duration and click OK.

Use the API to specify the maximum session duration for a RAM role

When you call the CreateRole or UpdateRole operation, you can configure the MaxSessionDuration or NewMaxSessionDuration parameter, respectively, to specify the maximum session duration. For more information, see CreateRole and UpdateRole.
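
The following Python code is an added example, not part of the original topic or of any Alibaba Cloud SDK. It plans the UpdateRole parameters needed to bring over-long maximum session durations down to a chosen cap, and validates the cap against the range stated above. The role record layout, the role names, and the `AliyunServiceRoleFor` name prefix used to recognize service-linked roles are assumptions; the code only builds request parameters and calls no API.

```python
"""Plan UpdateRole calls that cap RAM role session durations (added example)."""

MIN_SESSION = 3600      # lower bound stated in this topic, in seconds
MAX_SESSION = 43200     # upper bound stated in this topic, in seconds
DEFAULT_SESSION = 3600  # default stated in this topic, in seconds

# Assumption: service-linked roles are recognized by this name prefix.
SERVICE_LINKED_PREFIX = "AliyunServiceRoleFor"


def validate_duration(seconds):
    """Return seconds if it is an int within the documented range, else raise."""
    if isinstance(seconds, bool) or not isinstance(seconds, int):
        raise TypeError("duration must be an integer number of seconds")
    if not MIN_SESSION <= seconds <= MAX_SESSION:
        raise ValueError(f"{seconds} is outside {MIN_SESSION}..{MAX_SESSION} seconds")
    return seconds


def plan_updates(roles, cap):
    """Return (updates, skipped) for an inventory of role records.

    updates: UpdateRole parameter dicts for roles whose maximum exceeds cap.
    skipped: (role name, reason) pairs for roles that cannot be changed.
    """
    cap = validate_duration(cap)
    updates, skipped = [], []
    for role in roles:
        name = role["RoleName"]
        current = role.get("MaxSessionDuration", DEFAULT_SESSION)
        if name.startswith(SERVICE_LINKED_PREFIX):
            # The maximum session duration is not configurable for these roles.
            skipped.append((name, "service-linked role, not configurable"))
        elif current > cap:
            updates.append({"RoleName": name, "NewMaxSessionDuration": cap})
    return updates, skipped


# Constructed sample inventory; all role names are hypothetical.
SAMPLE_ROLES = [
    {"RoleName": "ci-deployer", "MaxSessionDuration": 43200},
    {"RoleName": "readonly-auditor", "MaxSessionDuration": 3600},
    {"RoleName": "batch-export"},  # field missing: treated as the default
    {"RoleName": "AliyunServiceRoleForExample", "MaxSessionDuration": 43200},
]

if __name__ == "__main__":
    planned, not_changed = plan_updates(SAMPLE_ROLES, cap=7200)
    for params in planned:
        print("UpdateRole", params)
    for role_name, reason in not_changed:
        print("skip", role_name, "-", reason)
```

Each dictionary in the first return value maps directly onto the RoleName and NewMaxSessionDuration parameters of one UpdateRole call.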

What to do next

After you specify the maximum session duration for a RAM role, you can log on to the RAM console and switch the logon identity to the RAM role or call an STS operation to assume the RAM role. You can also use the RAM role for role-based single sign-on (SSO). For more information, see the following topics: