This topic describes how to use the Resource Access Management (RAM) console or API to specify the maximum session duration for a RAM role. If you set the maximum session duration for a RAM role to a large value, RAM users can assume the RAM role to complete time-consuming tasks. If the RAM users call a Security Token Service (STS) operation to assume the RAM role, the STS tokens that are returned have a long validity period.
Limits
Valid values of the maximum session duration for a RAM role: 3600 seconds (1 hour) to 43200 seconds (12 hours). Default value: 3600 seconds (1 hour).
The maximum session duration is not configurable for service-linked roles.
Use the RAM console to specify the maximum session duration for a RAM role
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the Roles page, click the name of the RAM role that you created.
In the Basic Information section, click Edit to the right of Max Session Duration.
In the Edit Max Session Duration dialog box, enter the maximum session duration and click OK.
Use the API to specify the maximum session duration for a RAM role
When you call the CreateRole operation, configure the
MaxSessionDurationparameter to specify the maximum session duration. For more information, see MaxSessionDuration.When you call the UpdateRole operation, configure the
NewMaxSessionDurationparameter to change the maximum session duration. For more information, see NewMaxSessionDuration.
What to do next
After you specify the maximum session duration for a RAM role, you can log on to the RAM console and switch the logon identity to the RAM role or call an STS operation to assume the RAM role. You can also use the RAM role for role-based single sign-on (SSO). For more information, see the following topics:
References
How do I modify the validity period of a logon session or an STS token?