[FEATURE] Add --session-duration option to let user choose how many time last STS temporary credentials #13
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently we cannot ask awscli_saml_sso for a custom session-duration of generated STS temporary credentials.
We propose to add a --session-duration option to let user choose custom session duration.
Describe the solution you'd like
Add a --session-duration option which let user choose duration in seconds.
We have to ensure that provided value is between 900 (15 min) and 43200 (12 hours).
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts.html#STS.Client.assume_role_with_saml
We also need to handle case when chosen value exceed the MaxSessionDuration set for the role which raised the following exception:
see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
The text was updated successfully, but these errors were encountered: