aws-cloudformation / rain

A development workflow tool for working with AWS CloudFormation.
Apache License 2.0

aws-console browser session logs out too soon, not sure if aws-console is to blame #450

Open LinguineCode opened 2 months ago

LinguineCode commented 2 months ago

Hello, I installed aws-console via brew install aws-console. I'm honestly not familiar with the rest of this rain repository. I read a tip on Stack Overflow (iirc?) to try aws-console in lieu of browser extensions/plugins, and I've been using it daily since then. I can't quite tell if the aws-console feature has first-level support. It's not mentioned in the README or anything. But it has its own brew formula, so there's that.

My question: My browser sessions time out very quickly. I'm not sure if aws-console is to blame, or something else. Can you give any insight?

khmoryz commented 2 months ago

@LinguineCode It seems likely that AssumeRole is not being used.

If AssumeRole is used, then the console sessions will be limited to 12 hours (default action). If GetFederationToken is used, then it is 1 hour.

Please check your permission settings.

LinguineCode commented 2 months ago

Thank you @khmoryz for the prompt reply. What permission settings should I be checking? Is it a configuration for aws-console or something else?

FYI, I launch a browser session at my CLI using this:

AWS_PROFILE=myprofilename aws-console

myprofilename is of course configured at ~/.aws/config. I am using AWS SSO to authenticate (as opposed to AWS IAM User with IAM keypairs)

ericzbeard commented 2 months ago

This is the expected behavior, since we are using the sign-in URI https://signin.aws.amazon.com/federation to get the token. It might be possible for us to change the way the console command works in Rain. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

LinguineCode commented 2 months ago

Thanks @ericzbeard, I can also say that the browser logs me out in way less than 60 minutes. I didn't use a stopwatch, but it feels like it may be 30 minutes. Although I don't have an exact timing, I can say with 100% certainty it's less than 60 minutes.

khmoryz commented 2 months ago

@LinguineCode It's a bit puzzling that it's shorter than 60 minutes.

All aws-console does is simply construct a sign-in URL and open it in a browser. There may be some restrictions unrelated to aws-console.

You may be able to find something by running the getSigninToken action yourself using the following document as a reference and checking whether it behaves the same way. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

Also, if you are using SSO, the session duration of the profile may be set to a short period. Ask the SSO administrator how many seconds the session duration is set to. I don't know if that will have an effect, but it's a possibility.
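
The manual check suggested in the last comment can be prepared offline. The following is an added example, not part of the thread or of Rain's code: it builds the getSigninToken and login request URLs described in the linked AWS documentation and reports how many seconds the temporary credentials have left. The credential values, the issuer and all function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

FEDERATION = "https://signin.aws.amazon.com/federation"  # endpoint named in the thread

# Constructed sample; real values come from the profile's temporary credentials.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLE",
    "SecretAccessKey": "constructed-secret",
    "SessionToken": "constructed-token",
    "Expiration": "2024-01-01T12:30:00Z",
}

def signin_token_url(creds, session_duration=None):
    """Build (but do not send) the getSigninToken request URL."""
    if not creds.get("SessionToken"):
        raise ValueError("temporary credentials with a session token are required")
    params = {"Action": "getSigninToken"}
    if session_duration is not None:
        # The AWS doc allows 900..43200 s, and only for AssumeRole-type credentials.
        if not 900 <= session_duration <= 43200:
            raise ValueError("SessionDuration must be between 900 and 43200 seconds")
        params["SessionDuration"] = str(session_duration)
    params["Session"] = json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })
    return FEDERATION + "?" + urlencode(params)

def login_url(signin_token, destination="https://console.aws.amazon.com/",
              issuer="example.invalid"):  # issuer is a placeholder
    """Build the console login URL from the SigninToken in the JSON response."""
    return FEDERATION + "?" + urlencode({
        "Action": "login", "Issuer": issuer,
        "Destination": destination, "SigninToken": signin_token,
    })

def seconds_left(creds, now=None):
    """Remaining lifetime of the credentials, from their Expiration timestamp."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    return int((expires - now).total_seconds())

if __name__ == "__main__":
    print(seconds_left(SAMPLE_CREDS), "seconds of credential lifetime left")
    print(signin_token_url(SAMPLE_CREDS))
```

Recording the value from seconds_left at launch and comparing it with the time of the observed logout shows whether the console session ends with the credentials or earlier.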