Where is AWS role session name?

Where is AWS role session name?

AWS CloudTrail captures any action that John performs with the marketing IAM role, and you can easily identify John’s sessions in your AWS CloudTrail logs by searching for any Amazon Resource Name (ARN) with John’s aws:username (which is john_s) as the role session name.

What is the role session name?

Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role.

What is AWS session name?

Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token.

How do you assume IAM role?

You can assume a role by calling an AWS CLI or API operation or by using a custom URL. The method that you use determines who can assume the role and how long the role session can last. ¹ Using the credentials for one role to assume a different role is called role chaining.

Do IAM roles expire?

You can easily extend the maximum session duration for an IAM role to up to 12 hours using the IAM console or CLI. Once you increase the maximum session duration, users and applications assuming the IAM role can request temporary, short-term credentials that expire when the IAM role session expires.

What is a IAM role?

An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2.

Who can use IAM roles?

There is no limit to the number of IAM roles you can assume, but you can only act as one IAM role when making requests to AWS services. Q: Who can use IAM roles? Any AWS customer can use IAM roles.

What is IAM role chaining?

Role chaining occurs when you use a role to assume a second role through the AWS CLI or API. For example, assume that User1 has permission to assume RoleA and RoleB . Additionally, RoleA has permission to assume RoleB . To engage in role chaining, you can use RoleA ‘s short-term credentials to assume RoleB .

Why is IAM role needed?

IAM roles allow you to delegate access with defined permissions to trusted entities without having to share long-term access keys. You can use IAM roles to delegate access to IAM users managed within your account, to IAM users under a different AWS account, or to an AWS service such as EC2.

How to name an IAM session in AWS?

Dedicate an IAM role in your AWS account for the marketing department. Define the role trust policy for the IAM role, to specify who can assume the IAM role. Use the new sts:RoleSessionName condition in the role trust policy to define the allowed role session name values for the dedicated IAM role.

How long does it take to switch roles in AWS?

IAM user sessions are 12 hours by default. IAM users who switch roles in the console are granted the role maximum session duration, or the remaining time in the IAM user’s session, whichever is less. For example, assume that a maximum session duration of 10 hours is set for a role.

Can you delegate access to AWS resources using IAM?

For these scenarios, you can delegate access to AWS resources using an IAM role. This section introduces roles and the different ways you can use them, when and how to choose among approaches, and how to create, manage, switch to (or assume), and delete roles.

How is an IAM role similar to a user?

IAM Roles. An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.