We allow you to customize the POST token life for compliance webhooks, which changes the amount of time allowed to execute your Cloud Custodian compliance policies. The default value for the compliance token life is one hour, which is sufficient for most customers and follows best practice by limiting the token life.
If you have compliance scans that take longer than an hour, however, a token set to one hour would expire before the scan completes, and the results wouldn't successfully POST within the API. This means that any compliance issues in that scan wouldn't be registered/the findings wouldn't appear in your compliance overview. To ensure these long-running scans are captured, you can increase the compliance POST token life to a maximum value of four hours.
To change the POST token life:
- In the left navigation menu, click Settings > System Settings.
- Under Application Settings, click Compliance.
- Enter a number between 1 and 4 into the Post Token Life field. This number represents the maximum number of hours your compliance scans have to run before the authorization token expires.
- Click Update.