3

I was wondering whether there is a maximum limit on concurrent temporary security credentials generated via STS for a specific IAM role. I.e., the first user gets these temporary credentials for 12 hours and a second one does the same; how scalable is this approach for x number of users? Is there an overall limit that is not mentioned in the AWS docs?

Best

Phoenix

1 Answer

2

I am not aware of a limit on concurrent temporary credentials for any usage. You can refresh credentials as often as you want (which generates new credentials). A temporary credential is valid (settable) from 900 seconds to 12 hours. Typical refresh logic will refresh at 50% of time or a set value such as 5 minutes. The correct value depends on the service - S3 put needs a longer time than an EC2 instance listing.

The only limitation that I am aware of is API rate limiting (i.e. API calls per second). For this, the error is ThrottlingException / HTTP Status Code 400.

If you do hit ThrottlingException then implement exponential backoff and try again.

Error Retries and Exponential Backoff in AWS

John Hanley
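The refresh-at-50% and backoff-on-throttling logic described in the answer above, as an added example that is not part of the original post. `RefreshingCredentials`, `call_with_backoff`, `FakeThrottle` and `make_fake_fetch` are hypothetical names; the fake fetcher is a constructed stand-in for an STS call so the code runs offline.

```python
import random
import time
from datetime import datetime, timedelta, timezone

# "ThrottlingException" is the code named above; "Throttling" is also treated
# as throttling here (an assumption of this example).
THROTTLE_CODES = {"ThrottlingException", "Throttling"}

def is_throttle(exc):
    # botocore's ClientError exposes the service error as exc.response["Error"]["Code"]
    return getattr(exc, "response", {}).get("Error", {}).get("Code") in THROTTLE_CODES

def call_with_backoff(fn, max_attempts=6, base=0.2, cap=10.0, sleep=time.sleep):
    """Call fn(); on throttling wait a random time up to base * 2**attempt (capped)."""
    for attempt in range(max_attempts):
        try:
            return fn()
        except Exception as exc:
            if not is_throttle(exc) or attempt == max_attempts - 1:
                raise  # not a throttle, or retries exhausted
            sleep(random.uniform(0, min(cap, base * 2 ** attempt)))

class RefreshingCredentials:
    """Caches one credential set and replaces it at 50% of its lifetime."""
    # With boto3, fetch could be: lambda: sts.assume_role(RoleArn=..., RoleSessionName=...)["Credentials"]
    def __init__(self, fetch, clock=lambda: datetime.now(timezone.utc), sleep=time.sleep):
        self._fetch, self._clock, self._sleep = fetch, clock, sleep
        self._creds, self._refresh_at = None, None

    def get(self):
        now = self._clock()
        if self._creds is None or now >= self._refresh_at:
            self._creds = call_with_backoff(self._fetch, sleep=self._sleep)
            self._refresh_at = now + (self._creds["Expiration"] - now) / 2
        return self._creds

class FakeThrottle(Exception):  # constructed stand-in for botocore's ClientError
    response = {"Error": {"Code": "ThrottlingException"}}

def make_fake_fetch(throttles, clock, lifetime=timedelta(hours=1)):
    """Constructed STS stand-in: throttles `throttles` times, then issues credentials."""
    state = {"calls": 0}
    def fetch():
        state["calls"] += 1
        if state["calls"] <= throttles:
            raise FakeThrottle()
        return {"AccessKeyId": f"EXAMPLE{state['calls']}", "Expiration": clock() + lifetime}
    fetch.state = state
    return fetch
```

Sharing one `RefreshingCredentials` object per process keeps the number of STS calls tied to the credential lifetime rather than to the number of requests, which is what keeps callers under the API rate limit.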