Ensure that all active sessions in the AWS Session Manager do not exceed the period of time set in the rule settings. Sessions that are active for longer than expected could be the result of suspicious activity. Session manager gives users the ability to open a shell into EC2 instances or execute commands on containers running in ECS.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
The session manager gives users the ability to either open a shell in a EC2 instance or execute commands in a ECS task. This can be useful for when debugging issues in a container or instance. However, long lived sessions that have not been terminated present a risk as an attacker that has access to that computer running this session will have access to that instance or container. Additionally, a long lived session might indicate suspicious activity due to the session being for longer than reasonability required.
Remediation / Resolution
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
SSM Session Length
Risk level: High