Security Token Service (STS)

  • STS is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

AssumeRole

  • Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to.

  • These temporary credentials consist of an access key ID, a secret access key, and a security token.

  • Typically, you use AssumeRole within your account or for cross-account access.

  • For cross-account access, imagine that you own multiple accounts and need to access resources in each account, you can create one set of long-term credentials in one account and then use temporary security credentials to access all the other accounts by assuming roles in those accounts.

  • By default, the temporary security credentials created by AssumeRole last for one hour.

  • However, you can use the optional DurationSeconds parameter to specify the duration of your session.

PreviousIAM policy elements: ConditionNextIdentity federation in AWS

Last updated

Was this helpful?