Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

214 questions
0 votes, 0 answers

Profile can't be null error AWS even when IAM present ~ java sdk

I have a role on ec2 instance which has assume role permission on a different role. I have the trust relationship set so that shouldn't be an issue. I have this code to get IAM credentials: public class AwsCredentialsHelper { private static final…
user1795516
0 votes, 0 answers

Pyspark S3A Access Denied Exception for cross account STS assume role

I set up an AWS Glue job to process S3 files present in another AWS account B. The IAM role in Account A (Glue job IAM role) is using STS to assume a role in Account B which provides access to my desired files. Account B's IAM role has Trust…
pyhotshot
0 votes, 1 answer

unable to assume role after enforcing MFA policy

I created a new policy to enforce IAM user to set up MFA using the policy in this link https://docs.aws.amazon.com/en_pv/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html Now the IAM user has AdministratorAccess…
uberrebu
0 votes, 1 answer

Is there a way to generate aws mfa token-code with a script?

Every time that I want to get a new AWS session, I must open my Authy device to get a token-code, so I can use it in my script and generate AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN. I'm wondering if there is a way to automate the…
0 votes, 1 answer

aws:sts user for Stack creation - aws cli

Using sam deploy, where sam deploy is a wrapper of aws cloudformation deploy, we run below command from EC2, for stack creation: aws cloudformation deploy --template-file cfntemplate.yml --stack-name somestack-test --region us-east-1 Amidst stack…
overexchange
0 votes, 1 answer

Unable to consume STS credentials generated by Lambda for connecting to IoT endpoint

I am unable to connect to AWS IoT endpoint, using STS credentials (AssumeRoleUsingWebIdentity) generated by AWS Lambda. It is throwing me an AMQJS0008I Socket closed error. I tried connecting to the same endpoint with the STS credentials…
0 votes, 1 answer

STS AssumeRole error: AWS Access Key "does not exist in our records"

I'm working on an API Gateway/Lambda-based project. The request flow works as follows: API Gateway passes request to Authorizer lambda; Authorizer lambda calls sts.assumeRole() and successfully generates an accessKeyId and secretAccessKey; Key/secret…
Ryan Kennedy
0 votes, 1 answer

How can I force expire assume role to back my current account account store the data into my current account s3 bucket

I have one lambda from which I am accessing one cross account by assume role: sts = boto3.client('sts') sts.assume_role(RoleArn='A', RoleSessionName='aaa') Now I did some operation after accessing this, like I get some instance information. ec2 =…
Rajarshi Das
0 votes, 1 answer

STS Role Trust relationship

I have defined a trust relationship in destination account using { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::[SOURCE_ACCOUNT_NUMBER]:root" }, "Action":…
kk.
0 votes, 1 answer

How do I GetSessionToken from AmazonSecurityTokenServiceClient created with temporary saml credentials?

Here's what I'm trying to do- var role = new AmazonSecurityTokenServiceClient(aws_access_key_id, aws_secret_access_key, aws_session_token, Amazon.RegionEndpoint.USWest2); role.AssumeRole(new AssumeRoleRequest { DurationSeconds = 3600, …
Pallavi
0 votes, 1 answer

AWS cognito exchange token to credential in swift

I am trying to access AWS services using an identity pool after sign-in, following this AWS doc https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html but in Integrating a User Pool with…
0 votes, 1 answer

SHA256 of visually similar strings differs in Bash vs Python

I am trying to construct an AWS Signature v4 Auth header to call the STS GetCallerIdentity API as per the documentation at https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html in Bash. Now, I have the same process working in…
krish7919
0 votes, 1 answer

AWS Custom Federation Broker: calling federation endpoint error 400 python

I'm trying to create a URL that enables federated users to access the AWS Management Console following the [official documentation][1]. I'm using Cognito with [enhanced authflow][2] in order to authenticate user with username and password. This…
0 votes, 1 answer

SAML Assumed-Role user not authorized to perform actions

I'm using OKTA as our Identity Provider which is allowing me to dictate which Roles users can Assume when logging into the Console. The Goal: Have a Role that allows a user to log into the console and only manage their Access Keys (List, Create,…
0 votes, 1 answer

Generate temporary AWS creds that could be used by any client

I have a use case where I need arbitrary clients to receive AWS credentials (key and secret) that I generate and pass to it. The credentials should expire after a few minutes. The clients need to post to an s3 bucket. The clients will not be a…
Alex Totheroh