AWS STS - Security Token Service

  • Allows granting limited and temporary access to AWS resources
  • Token is valid for up to one hour (must be refreshed)
  • Cross Account Access
    • Allows users from one AWS account to access resources in another
  • [[Identity Federation]] ([[Active Directory]])
    • Provides a non-AWS user with temporary AWS access by linking the user's [[Active Directory]] credentials
    • Uses [[SAML]] (Security Assertion Markup Language)
    • Allows [[Single Sign On (SSO)]] which enables users to log into [[AWS console]] without assigning IAM credentials
  • Federation with third-party providers / [[AWS Cognito]]
    • Used mainly in web and mobile applications
    • Uses Facebook, Google, Amazon, etc. as identity providers to federate those users
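As an added example (not part of the original note), the following Python shows the two points above that most often go wrong in practice: the trust policy that grants cross-account AssumeRole, with a checker for wildcard principals and a missing `sts:ExternalId` condition (the confused-deputy mitigation), and a small cache that refreshes the temporary credentials before their `Expiration`. It uses only the standard library; the STS call itself is represented by a hypothetical `fetch` callable, and the account id, external id and credential values are constructed sample data.

```python
"""Cross-account STS AssumeRole: trust-policy check and credential refresh.

Added example, not from the original note. Standard library only; the real
STS call is modelled by a hypothetical `fetch` callable that a deployment
would back with boto3's sts.assume_role().
"""
import json
from datetime import datetime, timedelta, timezone

TRUSTED_ACCOUNT = "111111111111"     # constructed sample id of the calling account
EXTERNAL_ID = "example-external-id"  # constructed; shared secret against the confused deputy


def cross_account_trust_policy(trusted_account: str, external_id: str) -> dict:
    """Trust policy for a role in the target account that principals in
    `trusted_account` may assume. The ExternalId condition stops a third
    party from being tricked into assuming the role on someone else's behalf."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Return findings for a role trust policy: wildcard principals and
    AssumeRole statements that carry no sts:ExternalId condition."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else (aws or [])
        if any(p == "*" for p in aws):
            findings.append(f"statement {i}: wildcard principal lets any AWS account assume the role")
        cond = st.get("Condition", {})
        has_ext = any("sts:ExternalId" in v for v in cond.values() if isinstance(v, dict))
        if not has_ext:
            findings.append(f"statement {i}: no sts:ExternalId condition (confused-deputy risk)")
    return findings


class RefreshingCredentials:
    """Caches temporary credentials and refreshes them shortly before the
    Expiration timestamp returned by AssumeRole."""

    def __init__(self, fetch, refresh_margin=timedelta(minutes=5)):
        self._fetch = fetch        # returns a dict in the AssumeRole 'Credentials' shape
        self._margin = refresh_margin
        self._creds = None
        self.refresh_count = 0     # exposed so callers can observe refresh behaviour

    def get(self, now=None) -> dict:
        now = now or datetime.now(timezone.utc)
        if self._creds is None or self._creds["Expiration"] - now <= self._margin:
            self._creds = self._fetch()
            self.refresh_count += 1
        return self._creds


def fake_sts_credentials(issued_at, ttl=timedelta(hours=1)) -> dict:
    """Constructed stand-in for sts.assume_role()['Credentials']."""
    return {
        "AccessKeyId": "ASIAEXAMPLE",            # constructed
        "SecretAccessKey": "constructed-secret",
        "SessionToken": "constructed-session-token",
        "Expiration": issued_at + ttl,
    }


if __name__ == "__main__":
    policy = cross_account_trust_policy(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("hardened policy findings:", trust_policy_findings(policy))
    weak = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}
    print("weak policy findings:", trust_policy_findings(weak))
```

In a real deployment `fetch` would wrap `boto3.client("sts").assume_role(RoleArn=..., RoleSessionName=..., ExternalId=...)["Credentials"]`, whose `Expiration` is already a timezone-aware datetime; the cache then refreshes on the same margin logic shown here.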

Cross Account Access