Comments (4)
The Internal Tools team has discussed this some - given that the current default of 1 hr could be extended up to 12 hr, we think that it would be good for Security to take a peek at this to ensure there aren't any concerns there, especially in the context of L2 accounts.
We would appreciate some additional context behind the request and the use case it represents - what is the use case you're intending to use this for?
from terraform-provider-alks.
@aaron-seitz any news on this?
I have a team that runs a script in jenkins to refresh our elasticsearch index. This process takes multiple hours to run. In order to do it we need the bento role attached. Increasing the time limit will allow for the script to finish before losing access to the prod account.
from terraform-provider-alks.
from terraform-provider-alks.
@aaron-seitz it's been a while. A few roles that get created through terraform might have sessions where they need a few hours to run. For example roles attached to ci/cd that run migrations that take a few hours.
Currently teams can workaround by manually updating the max session. This is less than ideal cause if we decided to recreate the role someone has to remember to manually update it.
What security concerns do you have if roles can be updated now manually with max_session_duration?
from terraform-provider-alks.
Related Issues (20)
- New IAM Enabled check breaks code where ALKS use is optional HOT 1
- Validate IAM credentials only when modifying resources HOT 1
- Specifying account without role silently ignores account HOT 1
- alks_iamrole does not get recreated when include_default_policies is changed from true to false
- Seperate `iamtrustrole` from `iamrole` HOT 1
- Remove references to IAM keys HOT 1
- local install page instructions have wrong version of plugin
- incorrect test for max_session_duration_in_seconds?
- Missing provider config error handling
- Needs more than one service for IAM trust policy for lambda edge features.
- Unable to apply service role to elastic beanstalk HOT 2
- Pull Credentials from Container for ECS and CodeBuild environments HOT 2
- Add support for "version" in provider config HOT 2
- Include client name and version in User-Agent header HOT 1
- Terraform 0.12 Compatibility
- Fix Public TF Registry Setup HOT 4
- ALKS TFP - Fix Slack notifications
- alks provider doesn't support terraform 0.12 HOT 1
- [Feature Request] Switch between ALKS Accounts HOT 2
- Support for automatic plugin installation HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-alks.