diff --git a/iam/create_role_to_assume_cfn.yaml b/iam/create_role_to_assume_cfn.yaml
index 386224da..0ad1a73b 100644
--- a/iam/create_role_to_assume_cfn.yaml
+++ b/iam/create_role_to_assume_cfn.yaml
@@ -37,11 +37,13 @@ Resources:
 Principal:
 AWS: !Sub ${AuthorisedARN}
 Action: 'sts:AssumeRole'
- ## In case MFA is required uncomment lines below
- ## and read https://github.com/toniblyx/prowler#run-prowler-with-mfa-protected-credentials
+ ## In case MFA is required uncomment lines below and read https://github.com/toniblyx/prowler#run-prowler-with-mfa-protected-credentials
 # Condition:
 # Bool:
 # 'aws:MultiFactorAuthPresent': true
+ # This is 12h that is maximum allowed, Minimum is 3600 = 1h
+ # to take advantage of this use -T like in './prowler -A -R ProwlerExecRole -T 43200 -M text,html'
+ MaxSessionDuration: 43200
 ManagedPolicyArns:
 - 'arn:aws:iam::aws:policy/SecurityAudit'
 - 'arn:aws:iam::aws:policy/job-function/ViewOnlyAccess'
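Review bot: `MaxSessionDuration: 43200` hard-codes the longest session IAM permits for every deployment of this template, so any principal able to assume the role receives credentials valid for 12h, while the `aws:MultiFactorAuthPresent` condition directly above it is still commented out. Consider making the duration a template parameter that defaults to the IAM default so the 12h window is opt-in: add a `MaxSessionDuration` entry under `Parameters` with `Type: Number`, `Default: 3600`, `MinValue: 3600`, `MaxValue: 43200`, and replace the literal with `MaxSessionDuration: !Ref MaxSessionDuration`. The new comment should also note that this value is only honoured when the role is assumed with long-term credentials; a session obtained through role chaining is capped at one hour by STS regardless of this setting, so `-T 43200` is rejected in that case. The IAM Role resource this property belongs to starts before the hunk.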