AWS Concept · Beginner · 3 min read

What is AWS STS: Secure Temporary Access Explained

AWS STS (Security Token Service) is the AWS service that issues temporary, limited-privilege security credentials to users or applications. It lets you grant short-lived permissions without ever handing out long-term access keys.

How It Works

AWS STS works like a trusted gatekeeper that hands out temporary keys to people or apps who need to use AWS resources for a short time. Imagine a guest pass for a building that only works for a few hours and only opens certain doors. STS creates these temporary passes with specific permissions.

When you request access (for example by asking to assume an IAM role), STS first verifies who you are and checks that you are allowed to take on that role; for an assumed role, the role's trust policy must permit the caller. It then issues a set of temporary security credentials: an access key ID, a secret access key, and a session token. All three must be presented together on every request; the session token is what distinguishes them from long-term keys, and temporary access key IDs start with "ASIA" while long-term IAM user keys start with "AKIA". The credentials expire after a set duration (one hour by default for AssumeRole, configurable between 15 minutes and the role's maximum session duration), so even if someone else obtains them, they stop working on their own.

Example

This example uses the AWS CLI to assume an IAM role and receive temporary credentials that are valid for one hour (3600 seconds). The permissions attached to the returned credentials are those of demo-role (optionally narrowed further with a session policy), not those of the caller, and the call only succeeds if demo-role's trust policy allows the calling identity.

bash
aws sts assume-role \
  --role-arn arn:aws:iam::123456789012:role/demo-role \
  --role-session-name demoSession \
  --duration-seconds 3600
Output
{
  "Credentials": {
    "AccessKeyId": "ASIA...",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
    "SessionToken": "AQoDYXdzEJr...<remainder of security token>",
    "Expiration": "2024-06-01T12:34:56Z"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "ARO123EXAMPLE123:demoSession",
    "Arn": "arn:aws:sts::123456789012:assumed-role/demo-role/demoSession"
  }
}
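The CLI output above is what automation usually has to consume: read the three credential fields, hand them to the SDK or CLI as a set, and re-run assume-role before they expire. The following is an added example (not code from the original page) in Python showing that pattern: it parses an assume-role response, refuses an incomplete credential set, checks the "ASIA" prefix that marks temporary keys, decides when a refresh is due, and maps the set onto the environment variables the AWS tools read. The sample JSON is constructed for the example with placeholder values in AWS's documented EXAMPLE format; the function names and the five-minute refresh margin are this example's own choices.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws sts assume-role` output.
# The key values are placeholders, not real credentials.
SAMPLE_STS_OUTPUT = """{
  "Credentials": {
    "AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
    "SessionToken": "AQoDYXdzEJr...EXAMPLESESSIONTOKEN",
    "Expiration": "2024-06-01T12:34:56Z"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "ARO123EXAMPLE123:demoSession",
    "Arn": "arn:aws:sts::123456789012:assumed-role/demo-role/demoSession"
  }
}"""

REQUIRED_FIELDS = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")


def parse_expiration(value: str) -> datetime:
    """Parse the Expiration timestamp into an aware UTC datetime.

    The CLI prints either a trailing 'Z' or an explicit '+00:00' offset;
    normalise the 'Z' form so fromisoformat() accepts both.
    """
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def parse_sts_credentials(raw_json: str) -> dict:
    """Extract the temporary credential set from an assume-role response.

    Key ID, secret key and session token must be sent together on every
    request, so an incomplete set is an error rather than something to
    silently tolerate.
    """
    creds = json.loads(raw_json)["Credentials"]
    missing = [f for f in REQUIRED_FIELDS if f not in creds]
    if missing:
        raise ValueError(f"STS response missing fields: {missing}")
    return {
        "access_key_id": creds["AccessKeyId"],
        "secret_access_key": creds["SecretAccessKey"],
        "session_token": creds["SessionToken"],
        "expiration": parse_expiration(creds["Expiration"]),
    }


def is_temporary_key(access_key_id: str) -> bool:
    """STS-issued access key IDs start with 'ASIA'; long-term IAM user keys
    start with 'AKIA'. Handy as a guard in CI to reject a long-term key
    where only a role session should ever be used."""
    return access_key_id.startswith("ASIA")


def needs_refresh(expiration: datetime, now: datetime,
                  margin: timedelta = timedelta(minutes=5)) -> bool:
    """True when the credentials expire within `margin`, so the caller should
    assume the role again before the current set fails mid-operation."""
    return now + margin >= expiration


def to_env(creds: dict) -> dict:
    """Map a parsed credential set onto the variables the AWS CLI and SDKs
    read. AWS_SESSION_TOKEN is mandatory for temporary credentials."""
    return {
        "AWS_ACCESS_KEY_ID": creds["access_key_id"],
        "AWS_SECRET_ACCESS_KEY": creds["secret_access_key"],
        "AWS_SESSION_TOKEN": creds["session_token"],
    }


if __name__ == "__main__":
    creds = parse_sts_credentials(SAMPLE_STS_OUTPUT)
    print("temporary key:", is_temporary_key(creds["access_key_id"]))
    print("expires at:", creds["expiration"].isoformat())
    print("refresh now?", needs_refresh(creds["expiration"], datetime.now(timezone.utc)))
    for name, value in to_env(creds).items():
        print(f"export {name}={value[:4]}...")
```

In real use the JSON comes from running the assume-role command (or from the SDK's equivalent call) rather than from the embedded sample, and the refresh check runs on a timer or before each batch of API calls; a long-running job that ignores Expiration simply starts failing when the hour is up.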

When to Use

Use AWS STS when you want to give temporary access to AWS resources without sharing permanent credentials. This is useful for:

  • Granting access to identities in other AWS accounts (cross-account roles).
  • Letting mobile or web apps call AWS without embedding long-term keys in the app.
  • Enabling federated users (such as corporate employees signing in through an identity provider) to use AWS without creating IAM users for them.
  • Improving security by limiting how long any credential remains valid.

Key Points

  • AWS STS issues temporary security credentials scoped to the assumed role (and any session policy), not to the caller's own permissions.
  • Credentials expire automatically, which limits the damage if they leak.
  • Supports cross-account access and federated identity.
  • Commonly used in mobile apps, temporary access grants, and automation such as CI/CD pipelines.

Key Takeaways

AWS STS provides temporary, limited-access credentials to improve security.
Temporary credentials expire automatically, reducing long-term risk.
Use STS for cross-account access, federated users, and mobile apps.
STS helps avoid sharing permanent AWS keys.
It acts like a secure gatekeeper issuing short-term passes.