馃挮 Enhancements
- Assume Role improvements, close #31
-
You can now specify
duration_secondsup to 43200 seconds (12 hours)
-
When doing MFA, you have the option to either:
- Role chain by first using GetSessionToken (attached MFA here) then AssumeRole. This was the default up until now to ensure the
aws:MultiFactorAuthPresentIAM flag is set. It limited the role duration to 1 hour. - AssumeRole without first doing GetSessionToken. This does not limit the session duration but it also does not add the
aws:MultiFactorAuthPresentIAM flag.
The info text next to the new MFA Option describes it as:
This option will attach the MFA details to GetSessionToken before calling AssumeRole so that IAM policies that checks the
aws:MultiFactorAuthPresentcondition passes. This is called role chaining and limits the session to a maximum of 1 hour.
- Role chain by first using GetSessionToken (attached MFA here) then AssumeRole. This was the default up until now to ensure the
-