Situation
After entering the MFA code at initial login, even with continuous activity, the user must re-enter the code after about 30 to 60 minutes. You want to extend this period.
Explanation
In the AWS Management Console, you can switch roles. You can assume roles by calling AWS CLI or API operations, or by using a custom URL. Depending on how you assume the role, the people who can assume the role and the duration of the role session are determined.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
Solution
The default credential lifetime to assume a role via Console or CLI is one hour. You can modify the maximum session duration setting for the role, which determines the maximum session duration you can request when obtaining role credentials. Please note the following about this setting:
The value can be between 1 hour and 12 hours.
CLI의 경우 : When assuming a role using the AssumeRole API operation, you can specify the session length using the DurationSeconds parameter. Use this parameter to specify a role session length between 900 seconds (15 minutes) and the maximum session duration set for the role.
For Console : The IAM user switching roles in the console is granted the shorter time between the maximum session duration for the role and the remaining duration of the IAM user session. For example, if the maximum session duration for the role is set to 5 hours, and the IAM user is logged in to the console for 10 hours (within the default max of 12 hours), the available role session duration will be 2 hours.
This setting does not limit sessions assumed by AWS services.
역할 최대 세션 시간을 수정하려면 아래 문서를 참조하십시오.