Description:
This policy enables the configuration of session timeouts for VPN and terminal services. This can help to protect AWS resources from unauthorized access by terminating sessions that have been inactive for a period of time.
Rationale:
The ability to terminate inactive sessions is essential for maintaining the security of an AWS environment. This policy provides a valuable tool for doing so by enabling the configuration of session timeouts for VPN and terminal services.
Impact:
Enabling this policy will have no impact on the availability or performance of AWS resources. However, it may cause users to be logged out of their sessions if they are inactive for a period of time.
Default Value:
AWS does not configure session timeouts by default.
Pre-requisites:
- The user must have the appropriate permissions to configure session timeouts.
- The user must have access to the AWS Management Console or the AWS CLI.
Remediation Steps:
To disable this policy, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to disable.
- Click on the Disable button.
Test Plan:
To test this policy, the user can follow these steps:
- Enable the policy.
- Set the session timeout to a short period of time.
- Attempt to access a VPN or terminal service session after the session timeout has expired.
- Verify that the user is logged out of the session.
Implementation Plan:
To implement this policy, the user can follow these steps:
- Enable the policy.
- Set the session timeout to a suitable value for your environment.
- Monitor the logs to ensure that users are not being logged out of their sessions unexpectedly.
AWS CLI Process:
To enable this policy using the AWS CLI, the user can run the following command:
aws iam create-policy-version --policy-arn <policy-arn> --policy-document file://<policy-document-file> --set-as-default
The <policy-document-file> file should contain the following JSON:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:SetSessionTimeout",
      "Resource": "*"
    }
  ]
}
Using AWS GUI:
To enable this policy using the AWS GUI, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to enable.
- Click on the Edit button.
- In the Policy Document section, paste the following JSON:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "iam:SetSessionTimeout",
        "Resource": "*"
      }
    ]
  }
- Click on the Save button.
Backout Plan:
To revoke this policy, the user can follow these steps:
- In the AWS Management Console, navigate to the IAM & Admin page.
- Click on the Policies tab.
- Select the policy that you want to revoke.
- Click on the Delete button.
Note:
- This policy is not required for all AWS environments.
- The user should test the policy to ensure that it is working as expected.
- The user should revoke this policy if it is no longer needed.
Reference:
- AWS IAM Policy Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
- AWS CLI Command Reference: https://docs.aws.amazon.com/cli/latest/reference/iam/