Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

214 questions
0 votes, 1 answer

How to change aws dynamic default region - SAML federated users

I am following this AWS documentation to generate and use federated user login. When I use Federation STS token to log into AWS console, it logs into Ohio (us-east-2) region by redirecting to…
Pavan Rao
0 votes, 0 answers

AWS cognito access denied exception

I am trying to view an AWS kinesis video stream on a local web page. However, I keep getting this error. AccessDeniedException: User: arn:aws:sts::XXXXXXXXX:assumed-role/XXXXXXXX/CognitoIdentityCredentials is not authorized to perform:…
0 votes, 0 answers

How to find the "Assume Role Sign-In URL" Using boto3

I need to be able to programmatically get the Sign-In URL for a role. In boto (v2), there was a way to get an IAM role's "Sign-In URL" using boto_iam_connection.get_signin_url(). However, I have been unable to find something similar in boto3. I have…
eatsfood
0 votes, 0 answers

Get short term AWS CLI Credentials from SSO KeyCloak SAML Provider

aws sts assume-role-with-saml \ --role-arn=arn:aws:iam::xxx:role/team-developers --principal-arn=arn:aws:iam::xxx:saml-provider \ --saml-assertion "" So how do I get the value for saml-assertion? I can authorize through KeyCloak SSO…
DmitrySemenov
0 votes, 1 answer

Enabling Custom Identity Broker Access to the AWS Console with MFA

I would like to incorporate MFA into the Python Code following this document: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html I have an IAM user that works great when I assume a role with MFA…
mitechniq
0 votes, 1 answer

Restrict S3 bucket access by STS token age?

I have an S3 bucket that I want to restrict access to on the basis of how old the credentials used to access it are. For example if the token used to access the bucket is greater than X days old, I want to deny access. How can I achieve this?…
VBoi
0 votes, 0 answers

Generate STS token with assume_role_with_web_identity

I am looking to generate AWS token in my Kubernetes pod using AWS_ROLE_ARN & AWS_WEB_IDENTITY_TOKEN_FILE specified in this documentation EKS Service Accounts. Would I be able to generate the token using the code below or should I extract the token…
Punter Vicky
0 votes, 1 answer

AWS STS Temporary Credentials S3 Access Denied PutObject

I am following the How to Use AWS IAM with STS for access to AWS resources - 2nd Watch blog post and my understanding is the S3 Bucket Policy Principal requesting the temporary credentials, one approach would be to hard code the Id of this User but…
Conor
0 votes, 1 answer

AWS Get Short Term temp token from SSO AD Connector

I have an on-prem AD linked to AWS SSO using AD Connector. AD Users have MFA enabled in AWS SSO. There is a requirement of an application to retrieve short term token using user ID. Example Active Directory User ID 'A' has access to shutdown a…
pradpi
0 votes, 3 answers

How to avoid hard coding access key and security key values aws

In my js file, I am accessing my AWS sns, but the main issue is that currently, I am hard coding my IAM access and security keys... Is there a way to avoid doing this by using a temporary key or hiding my keys? I have posted a snippet on how I am…
dyCoder
0 votes, 1 answer

AWS STS temporary credentials InvokeFunction lambda not working

I'm issuing an STS token for a user interface that includes the following statement for lambda permissions: { "Sid" : "AllowUserInvokeLambda", "Action": [ "lambda:InvokeAsync", "lambda:InvokeFunction" ], …
Scott
0 votes, 1 answer

How to give cloudfront or any resource access to another account role

I have a CloudFront, let's say in Account A, and I want to access this CloudFront from a build server which is in another AWS account, let's say in Account B, with IAM Role. How to give an IAM role access (Account B) to that CloudFront which is in…
0 votes, 1 answer

Invalid AWS Access Key when calling S3 from Apex

I am attempting to access s3 from Apex using credentials returned from AssumeRole. However, I am receiving the following error: The AWS Access Key Id you provided does not exist in our…
0 votes, 1 answer

Post PutRecords directly to kinesis API without (real) authentication

I want to send PutRecords requests from a mobile app directly into AWS Kinesis data stream via https API. I don't want to use API Gateway and I don't want to bundle a secret access key with the app. I expect 1M events per second posted by…
Maxim Suponya
0 votes, 1 answer

Access Denied for ListObjects AWS STS and S3 Client

I am unable to use the method ListObjects to access AWS S3 using the Secure Token Service. The documentation states a bucket and its object can be private, while we can use AWS STS to gain temporary credentials to access the S3 objects. I am…
Night Rider