Ensure that all active sessions in the AWS Session Manager do not exceed the period of time set in the rule settings. Sessions that are active for longer than expected could be the result of suspicious activity. Session manager gives users the ability to open a shell into EC2 instances or execute commands on containers running in ECS.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
The session manager gives users the ability to either open a shell in a EC2 instance or execute commands in a ECS task. This can be useful for when debugging issues in a container or instance. However, long lived sessions that have not been terminated present a risk as an attacker that has access to that computer running this session will have access to that instance or container. Additionally, a long lived session might indicate suspicious activity due to the session being for longer than reasonability required.
Remediation / Resolution
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
SSM Session Length
Risk level: High