Description
AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users you authenticate (federated users).
Features
- Temporary Security Credentials: Provides temporary credentials that automatically expire, reducing the risk of long-term credential compromise.
- Federated Access: Enables federated users to access AWS resources by exchanging identity provider (IdP) tokens for temporary AWS credentials.
- Cross-Account Access: Facilitates secure cross-account access without sharing long-term credentials.
- Integration with IAM: Seamlessly integrates with AWS IAM policies and roles for granular access control.
- Global Service: Exposes a global endpoint plus regional endpoints; calling the regional endpoint nearest the workload keeps latency low and isolates it from problems at the global endpoint.
Limitations
- Credential Expiry: Temporary credentials have a limited lifespan (bounded by the role's maximum session duration) and callers must refresh them before they expire.
- Complex Setup: Configuring federated access and cross-account roles can be complex and requires careful planning.
- Limited to AWS Resources: Primarily designed for accessing AWS resources, with limited direct support for non-AWS services.
Use Cases
- Temporary Access for IAM Users: Granting temporary access to AWS resources for IAM users to minimize the risk of credential leakage.
- Federated Access for External Users: Allowing external users authenticated through an identity provider to access AWS resources securely.
- Cross-Account Resource Access: Enabling secure, temporary access to AWS resources across different AWS accounts for collaboration or centralized management.
External ID
Role session name
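The cross-account pattern above, with the two parameters named at the end of the page, as an added example that is not part of the original page: it builds a role trust policy that requires an sts:ExternalId, evaluates sample AssumeRole requests against it with a small stand-in for the IAM policy engine (not the real evaluator), assembles the AssumeRole call parameters including RoleSessionName, and checks whether a set of temporary credentials is close enough to its Expiration to need refreshing. The account IDs, role name, external ID and timestamps are constructed placeholders.

```python
"""Cross-account AssumeRole with an ExternalId condition, plus a credential-refresh check.
Added example; account IDs, role names, external IDs and timestamps are constructed."""
import json
from datetime import datetime, timedelta, timezone

TRUSTING_ACCOUNT = "111111111111"        # constructed: account that owns the role
TRUSTED_ACCOUNT = "222222222222"         # constructed: partner account allowed to assume it
EXTERNAL_ID = "example-external-id-0001"  # constructed: value agreed out of band with the partner


def trust_policy(trusted_account, external_id=None):
    """Trust policy for a cross-account role.

    Without the Condition, any principal in the trusted account that learns the role
    ARN can assume the role. Requiring sts:ExternalId forces the caller to also
    present the agreed value, which is the standard mitigation for the confused
    deputy problem when a third party assumes roles on behalf of many customers."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def assume_role_allowed(policy, caller_account, external_id=None):
    """Toy stand-in for the IAM policy engine (not AWS's evaluator).

    Returns True if some Allow statement names the caller's account as principal
    and every StringEquals condition on sts:ExternalId matches what was sent."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        if stmt["Principal"]["AWS"] != f"arn:aws:iam::{caller_account}:root":
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" in conditions and conditions["sts:ExternalId"] != external_id:
            continue
        return True
    return False


def assume_role_params(trusting_account, role_name, session_name, external_id=None,
                       duration_seconds=3600):
    """Parameters for sts:AssumeRole, using the names boto3 and the CLI expect.

    RoleSessionName is embedded in the assumed-role ARN that appears in CloudTrail,
    so it should identify the person or workload, not be a constant."""
    params = {
        "RoleArn": f"arn:aws:iam::{trusting_account}:role/{role_name}",
        "RoleSessionName": session_name,
        "DurationSeconds": duration_seconds,
    }
    if external_id is not None:
        params["ExternalId"] = external_id
    return params


def assumed_role_arn(trusting_account, role_name, session_name):
    """ARN under which the temporary credentials act; this is what shows up in logs."""
    return f"arn:aws:sts::{trusting_account}:assumed-role/{role_name}/{session_name}"


def needs_refresh(expiration, now=None, margin=timedelta(minutes=5)):
    """STS returns an Expiration with every credential set; refresh before it passes,
    keeping a margin so a request already in flight does not fail with an expired token."""
    now = now or datetime.now(timezone.utc)
    return expiration - now <= margin


if __name__ == "__main__":
    policy = trust_policy(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("partner with external id:", assume_role_allowed(policy, TRUSTED_ACCOUNT, EXTERNAL_ID))
    print("partner without it:      ", assume_role_allowed(policy, TRUSTED_ACCOUNT))
    print("other account:           ", assume_role_allowed(policy, "333333333333", EXTERNAL_ID))
    print(assume_role_params(TRUSTING_ACCOUNT, "PartnerAuditRole", "auditor-jdoe", EXTERNAL_ID))
    print(assumed_role_arn(TRUSTING_ACCOUNT, "PartnerAuditRole", "auditor-jdoe"))
    soon = datetime.now(timezone.utc) + timedelta(minutes=2)  # constructed Expiration
    print("refresh needed:", needs_refresh(soon))
```

The dictionary returned by assume_role_params is what you would pass to boto3's `sts.assume_role(**params)`; the real call is omitted here so the example runs without AWS access.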