`aws sts assume-role` returns three fields as the issued Temporary Security Credentials.
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
The first two have the same format as a user's Access Key, but the third field, AWS_SESSION_TOKEN, is special to the temporary credential.
I have two questions:
- If AWS_SESSION_TOKEN is to represent/encode the temporary validity, why do we still need the first two fields (because after the expiration, we will need to get another AWS_SESSION_TOKEN anyway)?
- If my client calls the STS API twice, between the two responses returned from `aws sts assume-role`, will/could AWS_ACCESS_KEY_ID be the same?