Document the use of aws sts assume-role and eight hour token expiry #882

Merged
merged 2 commits into from
Apr 19, 2018

@issyl0 issyl0 commented Apr 13, 2018

  • Now that tokens have an eight hour expiry
    (Increase the assume-role MFA expiry time to 8 hours (28800 seconds) govuk-aws#533), we don't need to do
    the intermediary workaround of calling `aws sts get-session-token` for
    a longer session without MFA.
  • This has the side effect that you'll need to re-authenticate with MFA
    if you wish to switch environments, but I don't think that's
    necessarily a bad thing at the moment.

- Now that tokens have an eight hour expiry
  (alphagov/govuk-aws#533), we don't need to do
  the intermediary workaround of calling `aws sts get-session-token` for
  a longer session without MFA.
- This has the side effect that you'll need to re-authenticate with MFA
  if you wish to switch environments, but I don't think that's
  necessarily a bad thing at the moment.
- I wrongly thought that a "max_session_age" of 28800 seconds (eight
  hours) would apply to everyone's sessions automatically, but people
  can in fact request different session lengths up to the eight hour
  maximum with `--duration-seconds`, but otherwise the default is 1
  hour.
@issyl0 issyl0 merged commit f9e8cdd into master Apr 19, 2018
@issyl0 issyl0 deleted the update_aws_users_docs branch April 19, 2018 12:59
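
An added example (not part of this PR or the documentation it changes) of the `aws sts assume-role` call the commit message describes: it requests a session with `--duration-seconds`, defaulting to the eight hour maximum, and rejects values outside the 900 to 28800 second range. The `AWS_CLI` override variable, the session-name format and the ARNs a caller passes in are assumptions of this example.

```shell
# Added example, not code from the PR. AWS_CLI is a hypothetical override
# (e.g. AWS_CLI=echo for a dry run); role and MFA ARNs come from the caller.

MAX_SESSION=28800  # role maximum from the commit message (eight hours)
MIN_SESSION=900    # smallest DurationSeconds that AssumeRole accepts

# assume_role ROLE_ARN MFA_SERIAL TOKEN_CODE [DURATION_SECONDS]
# Prints AccessKeyId, SecretAccessKey, SessionToken and Expiration,
# tab separated. The body runs in a subshell so no variables leak out.
assume_role() (
  role_arn=$1 mfa_serial=$2 token=$3 duration=${4:-$MAX_SESSION}

  # Reject a malformed MFA code before it is sent anywhere.
  case $token in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "MFA code must be six digits" >&2; exit 2 ;;
  esac

  # The duration must be a whole number inside the permitted range.
  case $duration in
    ''|*[!0-9]*) echo "duration must be whole seconds" >&2; exit 2 ;;
  esac
  if [ "$duration" -lt "$MIN_SESSION" ] || [ "$duration" -gt "$MAX_SESSION" ]; then
    echo "duration must be $MIN_SESSION-$MAX_SESSION seconds" >&2; exit 2
  fi

  # Without --duration-seconds the session would last the one hour default.
  "${AWS_CLI:-aws}" sts assume-role \
    --role-arn "$role_arn" \
    --role-session-name "${USER:-cli}-session" \
    --serial-number "$mfa_serial" \
    --token-code "$token" \
    --duration-seconds "$duration" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text
)
```

The fourth printed field is the expiry time of the temporary credentials; assuming a role in another environment means calling the function again with a fresh MFA code.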