Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

146 questions
3 votes, 0 answers

Unable to sts:AssumeRoleWithWebIdentity for a Cognito user

I have a simple use case to authenticate a user using AWS Cognito and then assume a role to be able to do something useful (read from S3 in my case). Apparently I am missing something very obvious. I am using pure web http client with cognito…
gusto2
3 votes, 1 answer

Recommended way to get temporary AWS credentials? AWS.config or STS?

I'm using a third-party SDK that needs temporary AWS credentials to access AWS services. I'm using this SDK as part of an application that is running on EC2. All SDKs in my application need access to the same role, which is attached to my EC2…
johnnyodonnell
3 votes, 1 answer

Grant access to a single folder in the bucket by AWS STS token

I need to allow an anonymous user to access a single folder in the Amazon S3 bucket by providing an STS Token. I found a guide on how to provide access to user-specific folders in one bucket based on policies and policy variables. There you use…
3 votes, 1 answer

obtaining AWS credentials using cognito in python boto

I'm trying to emulate the flow of my server application creating a temporary access/secret key pair for a mobile device using my own authentication. Mobile device talks to my server and end result is it gets AWS credentials. I'm using Cognito with a…
lollercoaster
3 votes, 0 answers

Determining an AWS arn from a federated user's credentials

How can you determine what federated user belongs to a set of credentials? I've seen some options for finding a regular user, but temporary credentials created by getting a federation token don't seem to work since they don't have GetUser…
thevarmint
2 votes, 1 answer

Exception when creating a role on Ceph Object Gateway using Java AWS SDK

I am trying to follow the Ceph documentation's examples to test its STS functionality using the Java AWS SDK (v 2.5.16). It is failing rather early on in the process when calling the IamClient's createRole method. The exception thrown…
Christoph
2 votes, 2 answers

EC2 Instance Metadata OR AWS STS for API Authentication? security best practice

Here is the use case. I have an EC2 instance running the ServiceNow mid-server agent. EC2 instance has IAM_Role attached called "TestIAMRole" and assume role policy is attached to the role. I use this EC2 instance and ServiceNow mid-server agent to…
2 votes, 1 answer

Application using Iam Role vs STS

I am new to AWS and trying to understand the concepts. What is the difference between IAM Role and STS, and when to use which service from an application? Can anyone please explain?
BadriGadde
2 votes, 2 answers

How to use AWS cli to get access keys in an MFA context?

I'm developing a simple app that will run on an existing EC2 instance. The AWS account is secured with MFA. We use a main account and assume a role into our target account for personal access. The app only deals with the MFA when I'm developing…
Josh Russo
2 votes, 2 answers

Get IAM Role Name Using IAM Role ID

All AWS IAM Roles have an associated Role Name and Role ID. The Role ID is not usually seen because the AWS Console displays just the Role Name. Inside the JSON message of an S3 Event there's a PrincipalID value that contains the Role ID of the role…
Kyle Bridenstine
2 votes, 1 answer

STS Get Caller Identity C++

On the command line I'm able to run this AWS CLI command to get the AWS UserId being used on my local machine $ aws sts get-caller-identity { "UserId": "123456789:john.doe", "Account": "123456789", "Arn":…
Kyle Bridenstine
2 votes, 1 answer

AWS SDK v2 STS - BootstrapMethodError: call site initialization exception caused by LambdaConversionException

I am trying to use STS service for onboarding and I get LambdaConversionException @resolveCredentials StsClient stsClient = StsClient.builder().credentialsProvider(sp_StaticCredentialsProvider).build(); StsAssumeRoleCredentialsProvider…
SDS
2 votes, 1 answer

Configure AWS EMR spark with aws sts assume-role

I am trying to read a file from an S3 bucket which is in another AWS account. Steps: Generated access id, access key secret and token using aws sts assume-role command Set following variables: export AWS_ACCESS_KEY_ID= export…
bob
2 votes, 1 answer

How to assume role which is passed from an AWS Config rule in python

I am trying to centrally manage the lambda function for the custom config rule which is running in the child account. The lambda function will assume role which is passed to the config rule as a parameter. I am following How to Centrally Manage AWS…
RMish
2 votes, 1 answer

How to copy files between S3 buckets in 2 different accounts using boto3

I'm trying to copy files from a vendor's S3 bucket to my S3 bucket using boto3. I'm using the sts service to assume a role to access the vendor s3 bucket. I'm able to connect to the vendor bucket and get a listing of the bucket. I run into CopyObject…
Satish