Set maximum session duration for a RAM role

更新时间:
复制 MD 格式

You can set the maximum session duration for a RAM role in the console or by calling an API. This setting enables longer login sessions for completing time-consuming tasks. When you assume the RAM role by calling an STS API, you can also get an STS token with an extended validity period.

Limitations

  • The maximum session duration can be set to a value between 3,600 seconds (1 hour) and 43,200 seconds (12 hours). The default value is 3,600 seconds (1 hour).

  • You cannot set the maximum session duration for a service-linked role.

Console

  1. Log in to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, click the name of the target RAM role.

  4. In the Basic Information section, click Edit next to Maximum Session Duration.

  5. In the Edit Max Session Duration dialog box, enter the maximum session duration and click OK.

API

  • Call the CreateRole operation and set the MaxSessionDuration parameter to specify the maximum session duration during role creation.

  • Call the UpdateRole operation and set the NewMaxSessionDuration parameter to update the maximum session duration for a RAM role.

Next steps

After you configure the setting, you can assume the role by switching your identity, using role-based SSO, or calling an STS API. For more information, see the following topics:

Related topics

How do I adjust the login session duration and the validity period of an STS token?