AWS documentation says that the role session name is used to uniquely identify a session. So what happens if I have 2 instances of my application running which assume the role with the same session name?
No. To fully quote the documentation, with emphasis added:
Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons.
The goal is to allow forensics based on CloudTrail logs: if you see something assuming a role, you want to know who/what it is.
As a practical example, whenever you assume a role from the AWS Console, it uses your username as the session name.
If you're assuming a role as part of an application, I think it makes sense to use the application name (but beware that your session name has a 64-byte limit!).

Parsifal
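As an added example (not code from the question or the answer above), the following builds a RoleSessionName that keeps two instances of one application distinguishable in CloudTrail, and shows where that name surfaces afterwards. It assumes a hypothetical "billing-worker" application and uses constructed ids; the STS constraint it enforces is the real one (characters `[\w+=,.@-]`, 2 to 64 characters).

```python
import re

# STS RoleSessionName rules: characters [\w+=,.@-], length 2..64.
_DISALLOWED = re.compile(r"[^\w+=,.@-]")
_ASSUMED_ROLE_ARN = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/(.+)$")


def make_role_session_name(app_name: str, instance_id: str) -> str:
    """Combine app name and a per-instance id into a valid RoleSessionName.

    The instance id goes last so that truncation to 64 chars never drops it;
    that is the part that tells two running copies of the app apart.
    """
    name = _DISALLOWED.sub("-", f"{app_name}@{instance_id}")
    if len(name) > 64:
        name = name[-64:]
    if len(name) < 2:
        raise ValueError("RoleSessionName must be at least 2 characters")
    return name


def session_from_assumed_role_arn(arn: str):
    """Split an STS assumed-role ARN into (account, role name, session name).

    Every API call made with the temporary credentials carries this ARN in
    userIdentity.arn, which is how a CloudTrail record is tied back to the
    session (and therefore the instance) that made the call.
    """
    m = _ASSUMED_ROLE_ARN.match(arn)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def session_name_from_cloudtrail(record: dict):
    """Return the roleSessionName from an STS AssumeRole CloudTrail record."""
    if record.get("eventSource") != "sts.amazonaws.com" or record.get("eventName") != "AssumeRole":
        return None
    return record.get("requestParameters", {}).get("roleSessionName")


# Constructed sample record; account id and instance id are placeholders.
SAMPLE_ASSUME_ROLE_EVENT = {
    "eventSource": "sts.amazonaws.com",
    "eventName": "AssumeRole",
    "requestParameters": {
        "roleArn": "arn:aws:iam::123456789012:role/AppRole",
        "roleSessionName": "billing-worker@i-0123456789abcdef0",
    },
}

if __name__ == "__main__":
    name = make_role_session_name("billing worker", "i-0123456789abcdef0")
    print(name)  # billing-worker@i-0123456789abcdef0
    print(session_name_from_cloudtrail(SAMPLE_ASSUME_ROLE_EVENT))
    print(session_from_assumed_role_arn(f"arn:aws:sts::123456789012:assumed-role/AppRole/{name}"))
```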