The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.
Questions tagged [aws-sts]
146 questions
3 votes, 0 answers
Unable to sts:AssumeRoleWithWebIdentity for a Cognito user
I have a simple use case to authenticate a user using AWS Cognito and then assume a role to be able to do something useful (read from S3 in my case). Apparently I am missing something very obvious.
I am using pure web http client with cognito…
gusto2
3 votes, 1 answer
Recommended way to get temporary AWS credentials? AWS.config or STS?
I'm using a third-party SDK that needs temporary AWS credentials to access AWS services. I'm using this SDK as part of an application that is running on EC2. All SDKs in my application need access to the same role, which is attached to my the EC2…
johnnyodonnell
3 votes, 1 answer
Grant access to a single folder in the bucket by AWS STS token
I need to allow an anonymous user to access a single folder in the Amazon S3 bucket by providing an STS Token.
I found a guide on how to provide access to user-specific folders in one bucket based on policies and policy variables. There you use…
Evgeny
3 votes, 1 answer
obtaining AWS credentials using cognito in python boto
I'm trying to emulate the flow of my server application creating a temporary access/secret key pair for a mobile device using my own authentication. Mobile device talks to my server and end result is it gets AWS credentials.
I'm using Cognito with a…
lollercoaster
3 votes, 0 answers
Determining an AWS arn from a federated user's credentials
How can you determine what federated user belongs to a set of credentials? I've seen some options for finding a regular user, but temporary credentials created by getting a federation token don't seem to work since they don't have GetUser…
thevarmint
2 votes, 1 answer
Exception when creating a role on Ceph Object Gateway using Java AWS SDK
I am trying to follow the Ceph documentation's examples to test its STS functionality using the Java AWS SDK (v 2.5.16). It is failing rather early on in the process when calling the IamClient's createRole method. The exception thrown…
Christoph
2 votes, 2 answers
EC2 Instance Metadata OR AWS STS for API Authentication? security best practice
Here is the use case.
I have an EC2 instance running the ServiceNow mid-server agent. EC2 instance has IAM_Role attached called "TestIAMRole" and assume role policy is attached to the role. I use this EC2 instance and ServiceNow mid-server agent to…
snowcoder
2 votes, 1 answer
Application using IAM Role vs STS
I am new to AWS and trying to understand the concepts. What is the difference between an IAM Role and STS, and when to use which service from an application? Can anyone please explain?
BadriGadde
2 votes, 2 answers
How to use AWS cli to get access keys in an MFA context?
I'm developing a simple app that will run on an existing EC2 instance. The AWS account is secured with MFA. We use a main account and assume a role into our target account for personal access.
The app only deals with the MFA when I'm developing…
Josh Russo
2 votes, 2 answers
Get IAM Role Name Using IAM Role ID
All AWS IAM Roles have an associated Role Name and Role ID. The Role ID is not usually seen because the AWS Console displays just the Role Name. Inside the JSON message of an S3 Event there's a PrincipalID value that contains the Role ID of the role…
Kyle Bridenstine
2 votes, 1 answer
STS Get Caller Identity C++
On the command line I'm able to run this AWS CLI command to get the AWS UserId being used on my local machine
$ aws sts get-caller-identity
{
"UserId": "123456789:john.doe",
"Account": "123456789",
"Arn":…
Kyle Bridenstine
2 votes, 1 answer
AWS SDK v2 STS - BootstrapMethodError: call site initialization exception caused by LambdaConversionException
I am trying to use the STS service for onboarding and I get LambdaConversionException @resolveCredentials
StsClient stsClient = StsClient.builder().credentialsProvider(sp_StaticCredentialsProvider).build();
StsAssumeRoleCredentialsProvider…
SDS
2 votes, 1 answer
Configure AWS EMR spark with aws sts assume-role
I am trying to read a file from an S3 bucket which is in another AWS account.
Steps:
Generated access id, access key secret and token using aws sts assume-role command
Set following variables:
export AWS_ACCESS_KEY_ID=
export…
bob
2 votes, 1 answer
How to assume a role which is passed from an AWS Config rule in Python
I am trying to centrally manage the Lambda function for the custom Config rule which is running in the child account. The Lambda function will assume the role which is passed to the Config rule as a parameter.
I am following How to Centrally Manage AWS…
RMish
2 votes, 1 answer
How to copy files between S3 buckets in 2 different accounts using boto3
I'm trying to copy files from a vendor's S3 bucket to my S3 bucket using boto3. I'm using the STS service to assume a role to access the vendor S3 bucket. I'm able to connect to the vendor bucket and get a listing of the bucket. I run into CopyObject…
Satish