Setting timeouts for Amazon AppStream 2.0 for an optimal user experience while optimizing costs
Amazon AppStream 2.0 offers different session timeouts to ensure customers have an optimal user experience balanced with cost optimization. Understanding the effects of the timeouts on what your users experience is key to making the correct settings.
Richard Spaven
Amazon Employee
Published Jun 3, 2025
Last Modified Jun 4, 2025
This blog will explore the difference timeouts, what causes a timeout to occur and what the end user experiences are as well the cost and security implications.
The following settings will be explored:-
The following settings will be explored:-
- Redirect URL
- Disconnect timeout in minutes
- Idle disconnect timeout in minutes
- Maximum Session Duration
- SAML Session Duration
The meanings of each setting will be defined and then scenarios will be looked at which reflect real world usage.
The Redirect URL is the web page users will be sent to in the following scenarios:-
- The user ends the session from the profile menu
- The disconnect timeout has passed and the OK button has been pressed
- The SAML Session Duration has passed and the OK button has been pressed
- The Max Session Direction has passed and the OK button has been pressed
The URL can be set to the organization IDP application page, a help page or other page to assist users.
The Maximum Session Duration in Minutes timeout starts once a user has clicked on an AppStream 2.0 application or desktop icon. The setting ensures that even if no timeouts happen, instance usage and costs are contained. The timeout also ensures that instances are refreshed and the benefits of non-persistence are realized at a frequency suitable for the use case. The timeout needs to be set greater than any processing time an application requires to ensure tasks complete without interruption. Once the timeout has been reached the message below will be presented to users, and once OK is clicked, the user will be presented with the End Session URL, if set.
The Disconnect Timeout countdown starts when the following events happen:-
- A user ends the session from the Profile menu
- The Browser client is closed
- The Amazon AppStream 2.0 Client is closed
Once the timeout has finished, the following will happen - In single session fleets, the underlying instance will be terminated and, in multi-session fleets, the users session will be terminated.
The Idle Disconnect Timeout starts in the following scenarios:-
- A user walks away from their device
- A user puts the AppStream client, or browser in the background, i.e. stops using the service
The following message will be displayed when the timeout passes:-
The SAML Session Duration Timeout starts once the user is authenticated to Amazon AppStream 2.0. By Default, i.e. if the SAML Attribute is not set, the SAML Session Duration is 60 minutes. SAML Session Duration is driven by security requirements e.g. the organization wants a re-authentication to minimize the chances of an unattended device being abused. The SAML Session Duration Timeout is a SAML assertion set and passed from the SAML provider. Setting Up SAML - Amazon AppStream 2.0
Once the SAML Session Duration has passed, the following screen appears:-
When the user clicks ok, either the Redirect URL is followed or the following screen appears when set blank:-
In this scenario, the Idle disconnect timeout will commence, followed by the Disconnect Timeout. If the combination of timeouts is too small, then, when users returns, a fast reconnect is no longer possible and a new instance or session will be launched. Unsaved work could be lost, or background processes might be interrupted. Organizations typically set the idle disconnect timeout to be longer than any anticipated break which, when ended, the user would expect their work to still be available.
In this scenario, the disconnect timeout starts. Timeouts should accommodate scenarios where users may be disconnected e.g. moving from one device to another or a client PC restart. Setting the timeouts to too long will let instances run for longer and incur costs but setting too short will make users wait for another instance or session to be created.
Data processing, analytics and other use cases often utilize an application which takes time to produce an output, report etc. . Set the Disconnect and Idle Disconnect timeouts to be greater than processes duration to ensure the work is finished uninterrupted.
Knowing when timeouts occur and what happens will inform you of the optimal setting to chose to keep users working without interruption, maintaining security and optimizing costs.
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.