[AWS] Security Token Service (STS)

Security Token Service (STS) creates temporary security credentials for short-term use (from a few minutes to several hours).


  • STS API calls return a credential, which has 3 components
    • Security Token
    • Access Key ID
    • Secret Access Key
  • Types of Tokens
    • AssumeRole
    • AssumeRoleWithWebIdentity
    • AssumeRoleWithSAML
    • GetFederationToken
    • GetSessionToken


  • There is no need to pass or save credentials in an application or an instance.
  • Use Cases
    • Identity Federation (SAML – Security Assertion Markup Language, Web Identity Federation)
    • Roles for Cross Account Access
    • Roles for EC2 instances
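
The check below is an added example, not code from the original post: it validates that an STS response carries all three credential components plus an expiry, and that the access key is a temporary one (STS key IDs start with ASIA, long-term IAM user keys with AKIA). The sample response is constructed to match the shape of `aws sts assume-role` output; every value in it is fake, and the function name is an assumption for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the output of `aws sts assume-role`; all values are fake.
SAMPLE_RESPONSE = json.dumps({
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
        "SecretAccessKey": "constructed-secret-not-real",
        "SessionToken": "constructed-session-token-not-real",
        "Expiration": "2030-01-01T12:00:00+00:00",
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROAEXAMPLEEXAMPLE00:demo-session",
        "Arn": "arn:aws:sts::111122223333:assumed-role/demo-role/demo-session",
    },
})

REQUIRED = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")


def check_sts_credentials(response_json, now=None):
    """Validate the credential set in an STS response; return a findings dict."""
    now = now or datetime.now(timezone.utc)
    creds = json.loads(response_json).get("Credentials", {})
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        return {"ok": False, "reason": "missing: " + ", ".join(missing)}
    # Temporary STS access key IDs start with ASIA; long-term IAM user keys start with AKIA.
    if not creds["AccessKeyId"].startswith("ASIA"):
        return {"ok": False, "reason": "access key ID is not a temporary (ASIA) key"}
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    remaining = (expires - now).total_seconds()
    if remaining <= 0:
        return {"ok": False, "reason": "credentials expired"}
    return {"ok": True, "seconds_remaining": int(remaining)}


if __name__ == "__main__":
    print(check_sts_credentials(SAMPLE_RESPONSE))
```

A check like this is useful in a deployment pipeline or config audit to flag long-term keys where temporary credentials are expected.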
