2022/08/22
About IfExists AWS IAM conditions: if a condition key might not exist (the resource doesn’t have it built-in, or a tag isn’t set), you can append IfExists to the condition test.
For example StringEquals -> StringEqualsIfExists.
tags
2022/08/30
That the max duration for any AWS assumed role session is 12h.
--duration-seconds (integer)
The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. **The maximum session duration setting can have a value from 1 hour to 12 hours.** If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails.
Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide .
By default, the value is set to 3600 seconds.
see https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#options
Also: I learned that is0-8601 defines formats for durations (like PT2H) and time intervals