feat: Permission Set Session Duration (#33)

milldr · web-flow · commit 32d2492cfee5 · 2025-07-25T15:45:16.000Z
* added session duration as an input

* added session duration as an input

* added session duration as an input

* added session duration as an input
diff --git a/.gitignore b/.gitignore
@@ -74,3 +74,5 @@ github/
 *.ovpn
 
 *.zip
+account-map/
+.atmos/
diff --git a/README.md b/README.md
diff --git a/src/README.md b/src/README.md
diff --git a/src/policy-AdminstratorAccess.tf b/src/policy-AdminstratorAccess.tf
@@ -3,7 +3,7 @@ locals {
     name                                = "AdministratorAccess",
     description                         = "Allow Full Administrator access to the account",
     relay_state                         = "",
-    session_duration                    = "",
+    session_duration                    = var.session_duration,
     tags                                = {},
     inline_policy                       = ""
     policy_attachments                  = ["arn:${local.aws_partition}:iam::aws:policy/AdministratorAccess"]
diff --git a/src/policy-PoweruserAccess.tf b/src/policy-PoweruserAccess.tf
@@ -3,7 +3,7 @@ locals {
     name             = "PowerUserAccess",
     description      = "Allow Poweruser access to the account",
     relay_state      = "",
-    session_duration = "",
+    session_duration = var.session_duration,
     tags             = {},
     inline_policy    = ""
     policy_attachments = [
diff --git a/src/policy-TerraformUpdateAccess.tf b/src/policy-TerraformUpdateAccess.tf
@@ -47,7 +47,7 @@ locals {
     name                                = "TerraformUpdateAccess",
     description                         = "Allow access to Terraform state sufficient to make changes",
     relay_state                         = "",
-    session_duration                    = "PT1H", # One hour, maximum allowed for chained assumed roles
+    session_duration                    = var.session_duration,
     tags                                = {},
     inline_policy                       = one(data.aws_iam_policy_document.terraform_update_access[*].json),
     policy_attachments                  = []
diff --git a/src/variables.tf b/src/variables.tf
@@ -52,3 +52,9 @@ variable "groups" {
     EOT
   default     = []
 }
+
+variable "session_duration" {
+  type        = string
+  description = "The default duration of the session in seconds for all permission sets. If not set, fallback to the default value in the module, which is 1 hour."
+  default     = ""
+}

-Original file line number
+Diff line change
 *.ovpn
 *.zip
 +account-map/
 +.atmos/