You can set the maximum session duration for a RAM role in the console or by calling an API. This setting enables longer login sessions for completing time-consuming tasks. When you assume the RAM role by calling an STS API, you can also get an STS token with an extended validity period.
Limitations
-
The maximum session duration can be set to a value between 3,600 seconds (1 hour) and 43,200 seconds (12 hours). The default value is 3,600 seconds (1 hour).
-
You cannot set the maximum session duration for a service-linked role.
Console
-
Log in to the RAM console as a RAM administrator.
-
In the left-side navigation pane, choose .
-
On the Roles page, click the name of the target RAM role.
-
In the Basic Information section, click Edit next to Maximum Session Duration.
-
In the Edit Max Session Duration dialog box, enter the maximum session duration and click OK.
API
-
Call the CreateRole operation and set the
MaxSessionDurationparameter to specify the maximum session duration during role creation. -
Call the UpdateRole operation and set the
NewMaxSessionDurationparameter to update the maximum session duration for a RAM role.
Next steps
After you configure the setting, you can assume the role by switching your identity, using role-based SSO, or calling an STS API. For more information, see the following topics:
Related topics
How do I adjust the login session duration and the validity period of an STS token?