Added session durantion option to 12h

2026-02-10 23:05:05 +00:00 · 2020-11-18 14:48:34 +01:00
parent 11bf35d993
commit fdc8c1ce36
1 changed files with 4 additions and 2 deletions
--- a/iam/create_role_to_assume_cfn.yaml
+++ b/iam/create_role_to_assume_cfn.yaml
@@ -37,11 +37,13 @@ Resources:
            Principal:
              AWS: !Sub ${AuthorisedARN}
            Action: 'sts:AssumeRole'
-            ## In case MFA is required uncomment lines below 
-            ## and read https://github.com/toniblyx/prowler#run-prowler-with-mfa-protected-credentials
+            ## In case MFA is required uncomment lines below and read https://github.com/toniblyx/prowler#run-prowler-with-mfa-protected-credentials
            # Condition:
            #   Bool:
            #     'aws:MultiFactorAuthPresent': true
+      # This is 12h that is maximum allowed, Minimum is 3600 = 1h
+      # to take advantage of this use -T like in './prowler -A <ACCOUNT_ID_TO_ASSUME> -R ProwlerExecRole -T 43200 -M text,html'
+      MaxSessionDuration: 43200
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/SecurityAudit'
        - 'arn:aws:iam::aws:policy/job-function/ViewOnlyAccess'