Update settings for a role
Use the following procedures to update a role's description or change the maximum session duration for a role.
Update a role description
To change the description of the role, modify the description text.
To change the description of a role (console)
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane of the IAM console, choose Roles.
-
Choose the name of the role to modify.
-
In the Summary section, choose Edit.
-
Enter a new description in the box and choose Save changes.
To change the description of a role (AWS CLI)
-
(Optional) To view the current description for a role, run the following command:
-
To update a role's description, run the following command with the description parameter:
To change the description of a role (AWS API)
-
(Optional) To view the current description for a role, call the following operation:
-
To update a role's description, call the following operation with the description parameter:
Update the maximum session duration for a role
To specify the maximum session duration setting for roles that are assumed using the console, the AWS CLI, or AWS API, modify the maximum session duration setting value. This setting can have a value from 1 hour to 12 hours. If you do not specify a value, the default maximum of 1 hour is applied. This setting does not limit sessions assumed by AWS services.
To change the maximum session duration setting for roles that are assumed using the console, AWS CLI, or AWS API (console)
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane of the IAM console, choose Roles.
-
Choose the name of the role to modify.
-
In the Summary section, choose Edit.
-
For Maximum session duration, choose a value. Alternatively, choose Custom duration and enter a value (in seconds).
-
Choose Save changes.
Your changes don't take effect until the next time someone assumes this role. To learn how to revoke existing sessions for this role, see Revoke IAM role temporary security credentials.
In the AWS Management Console, IAM user sessions are 12 hours by default. IAM users who switch roles in the console are granted the role maximum session duration, or the remaining time in the user's session, whichever is less.
Anyone who assumes the role from the AWS CLI or AWS API can request a longer
session, up to this maximum. The MaxSessionDuration
setting
determines the maximum duration of the role session that can be
requested.
-
To specify a session duration using the AWS CLI use the
duration-seconds
parameter. To learn more, see Switch to an IAM role (AWS CLI). -
To specify a session duration using the AWS API, use the
DurationSeconds
parameter. To learn more, see Switch to an IAM role (AWS API).
Note
Anyone who assumes the role from the AWS CLI or API can use the
duration-seconds
CLI parameter or the
DurationSeconds
API parameter to request a longer session.
The MaxSessionDuration
setting determines the maximum duration
of the role session that can be requested using the
DurationSeconds
parameter. If users don't specify a value
for the DurationSeconds
parameter, their security credentials
are valid for one hour.
To change the maximum session duration setting for roles that are assumed using the AWS CLI (AWS CLI)
-
(Optional) To view the current maximum session duration setting for a role, run the following command:
-
To update a role's maximum session duration setting, run the following command with the
max-session-duration
CLI parameter or theMaxSessionDuration
API parameter:Your changes don't take effect until the next time someone assumes this role. To learn how to revoke existing sessions for this role, see Revoke IAM role temporary security credentials.
Note
Anyone who assumes the role from the AWS CLI or API can use the
duration-seconds
CLI parameter or the
DurationSeconds
API parameter to request a longer session.
The MaxSessionDuration
setting determines the maximum duration
of the role session that can be requested using the
DurationSeconds
parameter. If users don't specify a value
for the DurationSeconds
parameter, their security credentials
are valid for one hour.
To change the maximum session duration setting for roles that are assumed using the API (AWS API)
-
(Optional) To view the current maximum session duration setting for a role, call the following operation:
-
To update a role's maximum session duration setting, call the following operation with the
max-sessionduration
CLI parameter or theMaxSessionDuration
API parameter:Your changes don't take effect until the next time someone assumes this role. To learn how to revoke existing sessions for this role, see Revoke IAM role temporary security credentials.