Description
Identifier for temporary security credentials obtained through AWS STS AssumeRole API operations.
Features
- Uniquely identifies a session
- Customizable string value
- Included in CloudTrail logs
- Aids in auditing and tracking
Limitations
- Maximum length of 64 characters
- Must be unique for each assume role request
- Cannot be changed after session creation
- Only applies to temporary credentials
Use Cases
- Tracking individual user actions in shared role environments
- Implementing fine-grained access controls in CI/CD pipelines
- Auditing federated user activities across multiple AWS accounts