aws-console browser session logs out too soon, not sure if aws-console is to blame #450

Open
LinguineCode opened this issue Jul 9, 2024 · 5 comments
Labels: enhancement (New feature or request)

Comments

@LinguineCode

Hello, I installed aws-console via brew install aws-console. I'm honestly not familiar with the rest of this rain repository. I read a tip on Stack Overflow (iirc?) to try aws-console in lieu of browser extensions/plugins, and I've been using it daily since then. I can't quite tell if the aws-console feature has first-level support. It's not mentioned in the README or anything. But it has its own brew formula, so there's that.

My question: My browser sessions time out very quickly. I'm not sure if aws-console is to blame, or something else. Can you give any insight?

@ericzbeard ericzbeard self-assigned this Jul 9, 2024
@khmoryz
Collaborator

khmoryz commented Jul 9, 2024

@LinguineCode
It seems likely that AssumeRole is not being used.

If AssumeRole is used, then the console sessions will be limited to 12 hours (default action).
If GetFederationToken is used, then it is 1 hour.

Please check your permission settings.

@LinguineCode
Author

Thank you @khmoryz for the prompt reply. What permission settings should I be checking? Is it a configuration for aws-console or something else?

FYI, I launch a browser session at my CLI using this:

AWS_PROFILE=myprofilename aws-console

myprofilename is of course configured at ~/.aws/config. I am using AWS SSO to authenticate (as opposed to AWS IAM User with IAM keypairs)

@ericzbeard
Contributor

This is the expected behavior, since we are using the sign-in URI https://signin.aws.amazon.com/federation to get the token. It might be possible for us to change the way the console command works in Rain. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

@ericzbeard ericzbeard added enhancement New feature or request and removed investigating labels Jul 11, 2024
@LinguineCode
Author

Thanks @ericzbeard, I can also say that the browser logs me out in way less than 60 minutes. I didn't use a stopwatch, but it feels like it may be 30 minutes. Although I don't have an exact timing, I can say with 100% certainty it's less than 60 minutes.

@khmoryz
Collaborator

khmoryz commented Jul 14, 2024

@LinguineCode
It's a bit puzzling that it's shorter than 60 minutes.

All aws-console does is simply construct a sign-in URL and open it in a browser. There may be some restrictions unrelated to aws-console.

You may be able to find something by running the getSigninToken action yourself using the following document as a reference and checking whether it behaves the same way.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

Also, if you are using SSO, the session duration of the profile may be set to a short period. Ask the SSO administrator how many seconds the session duration is set to.
I don't know if that will have an effect, but it's a possibility.
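The manual getSigninToken check suggested in the comment above, as an added example that is not part of the original thread and is not Rain's own code. It assumes the profile's temporary credentials are exported in the standard `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` variables; `SESSION_DURATION` and the `Issuer` value are hypothetical placeholders, and the `SessionDuration` limits follow the AWS document linked in the thread.

```python
import json
import os
import urllib.parse
import urllib.request

# Sign-in endpoint named in the thread.
FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"


def signin_token_url(access_key_id, secret_access_key, session_token,
                     session_duration=None):
    """Build the getSigninToken request for a set of temporary credentials."""
    if not (access_key_id and secret_access_key and session_token):
        raise ValueError("temporary credentials with a session token are required")
    params = {"Action": "getSigninToken"}
    if session_duration is not None:
        # Only valid for AssumeRole* credentials; allowed range is 900..43200 s.
        if not 900 <= int(session_duration) <= 43200:
            raise ValueError("SessionDuration must be 900..43200 seconds")
        params["SessionDuration"] = str(int(session_duration))
    params["Session"] = json.dumps({
        "sessionId": access_key_id,
        "sessionKey": secret_access_key,
        "sessionToken": session_token,
    })
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


def fetch_signin_token(url):
    """Send the request (needs network access) and return the SigninToken."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)["SigninToken"]


def console_login_url(signin_token,
                      destination="https://console.aws.amazon.com/",
                      issuer="example.invalid"):  # placeholder issuer (assumption)
    """Build the login URL that the browser opens."""
    params = {"Action": "login", "Issuer": issuer,
              "Destination": destination, "SigninToken": signin_token}
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


if __name__ == "__main__":
    # Assumes the profile's temporary credentials are exported in the environment.
    duration = os.environ.get("SESSION_DURATION")  # hypothetical variable, optional
    request = signin_token_url(os.environ["AWS_ACCESS_KEY_ID"],
                               os.environ["AWS_SECRET_ACCESS_KEY"],
                               os.environ["AWS_SESSION_TOKEN"], duration)
    print(console_login_url(fetch_signin_token(request)))
```

Note the time the printed URL is opened and the time the console signs out, once without `SESSION_DURATION` and once with it set, to see whether the limit comes from the sign-in token or from somewhere else.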
