Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

214 questions
154
votes
4 answers

Quick way to get AWS Account number from the AWS CLI tools?

Looking for a quick way to pull my account number, I had originally thought of using aws iam get-account-authorization-details --max-items 1 but there are several issues with doing it this way. Is there a way to do this that might not cross account…
ehime
97
votes
9 answers

AWS sts assume role in one command

To assume an AWS role in the CLI, I do the following command: aws sts assume-role --role-arn arn:aws:iam::123456789123:role/myAwesomeRole --role-session-name test --region eu-central-1 This gives me an output that follows the schema: { …
Arcones
24
votes
1 answer

What's the use case for RoleSessionName when assuming a role in AWS and how it affects the performance

I have a scenario in which I want to have access to resources within one account from another one in AWS (cross-account access) in code. And I want to implement this access using NodeJs, implemented as lambda function and also as a long-running code…
Mehran
22
votes
3 answers

aws sts get-session-token fails with profile

I'm trying to get a session token in order to set environment variables in order to use a tool which uploads to S3 but doesn't directly support AWS profiles. aws sts get-session-token --profile myprofile Enter MFA code for…
Steve Bennett
13
votes
1 answer

AWS: Amazon Cognito vs STS and SAML

In the official AWS documentation about Cognito, in the outline of a use case, it is stated that: 1. In the first step your app user signs in through a user pool and receives user pool tokens after a successful authentication. 2. Next, your app…
pkaramol
12
votes
4 answers

AWS SSO login to credentials as environment variables

Given that logging-in with aws login sso is successful. Successully logged into Start URL: ***** From here I want to start my service that requires the following environment variables with AWS credentials to be…
12
votes
3 answers

Ways to find out how soon the AWS session expires?

Prerequisites I have a script that works with AWS but does not deal with credentials explicitly. It just calls AWS API, expecting the credentials to be there according to default credentials provider chain. In fact, the wrapper that calls this…
Vlad Nikiforov
10
votes
1 answer

How to copy files between S3 buckets in 2 different accounts using boto3

I'm trying to copy files from a vendor's S3 bucket to my S3 bucket using boto3. I'm using the sts service to assume a role to access the vendor s3 bucket. I'm able to connect to the vendor bucket and get a listing of the bucket. I run into CopyObject…
Satish
9
votes
2 answers

Get IAM Role Name Using IAM Role ID

All AWS IAM Roles have an associated Role Name and Role ID. The Role ID is not usually seen because the AWS Console displays just the Role Name. Inside the JSON message of an S3 Event there's a PrincipalID value that contains the Role ID of the role…
Kyle Bridenstine
8
votes
1 answer

InvalidClientTokenId when calling get-caller-identity on an AWS EC2 instance with instance profile

We're having an issue where we're on a CentOS EC2 instance that is using a role through an attached instance profile. When we're on the console after SSHing in, we run the python awscli command line tool to get our identity: $ aws sts…
Dave
8
votes
1 answer

What's the functionality of AWS_SESSION_TOKEN returned from STS API?

aws sts assume-role returns three fields as the issued Temporary Security Credentials. AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN The first two are with the same format of a user's Access Key, but the 3rd field, AWS_SESSION_TOKEN,…
chen
8
votes
1 answer

aws-sdk upload with STS credentials - 403 error

I've been trying to set up Amazon's STS (Security Token Service) to create temporary credentials for client side uploads to S3. I can get the code working fine with an access key generated from the IAM user, but when I swap out the access key/secret…
eetee
7
votes
1 answer

Application using Iam Role vs STS

I am new to AWS and trying to understand the concepts. What is the difference between an IAM Role and STS, and when to use which service from an application? Can anyone please explain?
BadriGadde
6
votes
2 answers

InvalidClientTokenId error aws when trying to get caller identity

Hi, I am unable to run this command: aws sts get-caller-identity. When I do sudo nano ~/.aws/credentials I can only locate this: [default] aws_access_key_id = my_id aws_secret_access_key = my_secret_id and after doing successful steps of command aws…
pie
6
votes
2 answers

AWS assume-role with credentials that last more than an hour

I am setting up our AWS to have multiple accounts, with our IAM users defined in one account and our resources defined in one or more other accounts, with policies set up to allow users to assume roles on the production and staging accounts. I am…
David Ham