Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

146 questions
0 votes, 1 answer

STS Role Trust relationship

I have defined a trust relationship in destination account using { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::[SOURCE_ACCOUNT_NUMBER]:root" }, "Action":…
kk.
0 votes, 1 answer

How do I GetSessionToken from AmazonSecurityTokenServiceClient created with temporary saml credentials?

Here's what I'm trying to do- var role = new AmazonSecurityTokenServiceClient(aws_access_key_id, aws_secret_access_key, aws_session_token, Amazon.RegionEndpoint.USWest2); role.AssumeRole(new AssumeRoleRequest { DurationSeconds = 3600, …
Pallavi
0 votes, 1 answer

Retrieve Entire SAML Response in Spring Security SAML Extension

I have a Spring Boot application that is set up as a Service Provider. My end goal is to be able to call the AWS STS Assume Role with SAML service to generate AWS temporary credentials on behalf of the user with the SAML response used to initially…
0 votes, 1 answer

AWS Cognito exchange token to credential in Swift

I am trying to access AWS services using an identity pool after sign-in, following this AWS doc https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html but in Integrating a User Pool with…
0 votes, 1 answer

AWS Custom Federation Broker: calling federation endpoint error 400 python

I'm trying to create a URL that enables federated users to access the AWS Management Console following the [official documentation][1]. I'm using Cognito with [enhanced authflow][2] in order to authenticate the user with username and password. This…
0 votes, 1 answer

SAML Assumed-Role user not authorized to perform actions

I'm using OKTA as our Identity Provider which is allowing me to dictate which Roles users can Assume when logging into the Console. The Goal: Have a Role that allows a user to log into the console and only manage their Access Keys (List, Create,…
0 votes, 1 answer

Generate temporary AWS creds that could be used by any client

I have a use case where I need arbitrary clients to receive AWS credentials (key and secret) that I generate and pass to it. The credentials should expire after a few minutes. The clients need to post to an s3 bucket. The clients will not be a…
Alex Totheroh
0 votes, 1 answer

AWS S3 bucket policy for federated user

I am trying to give a federated user (ADFS + SAML + STS) access to an S3 bucket. I am trying to give the principal as "Principal": { "AWS": [ "arn:aws:sts: accountid:federated-user/someuser" …
Zak
0 votes, 2 answers

Which AWS account gets billed when using AWS STS?

I am looking to use AWS STS to access resources from another AWS account owned by another team. Say, AWS Account A trying to access AWS Account B. Basically, the steps I am following: 1. Create a user in Account A 2. Create Role in Account B with the…
DntFrgtDSemiCln
0 votes, 2 answers

Specify Maximum File Size while uploading a file in AWS S3

I am creating temporary credentials via AWS Security Token Service (AWS STS) and using these credentials to upload a file to S3 from the S3 Java SDK. I need some way to restrict the size of the file upload. I was trying to add a policy (of…
0 votes, 2 answers

AWS IAM STS: proper way to make temporary admin?

I want to be able to assign a time-based api token to a non-admin AWS user that results in giving that user temporary admin privileges to all AWS services. Why do I want this? Because when I develop on AWS on my personal account I like to be able…
0 votes, 1 answer

Getting the error "CustomRoleARN:xxxxxx is not assumable for this token" while re-assigning a Role to a federated user

I am trying to do the following: i) Validate a user through Cognito Federated Identity (mapped to CognitoPool). A Role R1 is assigned as part of this process. ii) I want to assign a new Role R2 to this token. While assigning the Role R2, I am getting…
user5398398
0 votes, 0 answers

Why are the STS credentials getting expired within 45 minutes?

I have this setup where my Ansible playbook runs, which runs an ML script which takes around 3-4 hours for execution, and some AWS tasks running after the ML script. So, I am running a background updatecredentials.py python file which updates both…
Dawny33
0 votes, 1 answer

How to increase the duration of STS credentials validity from one hour?

I am going through this AWS doc about temporary credentials, and I have come across this, about the duration of them: The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user.…
Dawny33
0 votes, 3 answers

AWS temporary credentials — is the Expiration time in UTC?

I imagine this is likely, but I haven't found any explicit information saying that it's true. When receiving a Credentials object from AssumeRole, is the Expiration in UTC time?