Posted On: Dec 11, 2020

Session Manager, a capability of Amazon Systems Manager, now offers customers greater control over how long sessions remain idle before being terminated automatically. This feature can help you meet compliance requirements, such as PCI Requirement 8.1.8, which requires that users reauthenticate if a session is idle for more than 15 minutes. 

Additionally, customers can now stream session logs continuously to CloudWatch for the duration of a session, instead of waiting until the session is terminated. The logs are structured as JSON messages, and identify the user initiating the session, the instance and session IDs, and the commands and output from the session. The ability to receive and process structured logs continuously throughout the duration of the session provides you with improved visibility into user activity. Using the structured logs, you can easily search for conditions such as session initiation or the use of a specific command, to help analyze and troubleshoot session activity. 

To get started, in the navigation pane of the Session Manager console, choose Preferences. You can customize the idle session timeout value in the General Preferences. To enable streaming logs, enable logs in the CloudWatch logging section, and then choose Stream session logs as the logging option.

Session Manager is available in the Amazon Web Services China (Beijing) region, operated by Sinnet, and in the Amazon Web Services China (Ningxia) region, operated by NWCD. To learn more about Session Manager, see the Session Manager documentation. For information about Amazon Systems Manager, see our product detail page.