The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.
Questions tagged [aws-sts]
214 questions
0 votes, 2 answers
Amazon S3 bucket policy for federated user
I am trying to give a federated user (ADFS + SAML + STS) access to an Amazon S3 bucket. I am trying to give the principal as
"Principal": {
"AWS": [
"arn:aws:sts: accountid:federated-user/someuser"
…

Zak
0 votes, 2 answers
Which AWS account gets billed when using AWS STS?
I am looking to use AWS STS to access resources from another AWS account owned by another team.
Say, AWS Account A is trying to access AWS Account B.
Basically, the steps I am following:
1. Create a user in Account A
2. Create Role in Account B with the…

DntFrgtDSemiCln
0 votes, 2 answers
Specify Maximum File Size while uploading a file in AWS S3
I am creating temporary credentials via AWS Security Token Service (AWS STS).
And using these credentials to upload a file to S3 from the S3 Java SDK.
I need some way to restrict the size of file upload.
I was trying to add policy(of…

Ankit Choudhary
0 votes, 2 answers
AWS IAM STS: proper way to make temporary admin?
I want to be able to assign a time-based api token to a non-admin AWS user that results in giving that user temporary admin privileges to all AWS services.
Why do I want this? Because when I develop on AWS on my personal account I like to be able…

Digital Impermanence
0 votes, 1 answer
Getting the error "CustomRoleARN:xxxxxx is not assumable for this token" while re-assigning a Role to a federated user
I am trying to do the following:
i) Validate a user through Cognito Federated Identity (mapped to CognitoPool). A Role R1 is assigned as part of this process.
ii) I want to assign a new Role R2 to this token.
While assigning the Role R2, I am getting…

user5398398
0 votes, 0 answers
Why are the STS credentials getting expired within 45 minutes?
I have this setup where my Ansible playbook runs, which runs an ML script which takes around 3-4 hours for execution, and some AWS tasks running after the ML script.
So, I am running a background updatecredentials.py python file which updates both…

Dawny33
0 votes, 1 answer
How to increase the duration of STS credentials validity from one hour?
I am going through this AWS doc about temporary credentials, and I have come across this, about the duration of them:
The GetSessionToken action must be called by using the long-term AWS
security credentials of the AWS account or an IAM user.…

Dawny33
0 votes, 1 answer
(Using CLI) AWS was not able to validate the provided access credentials
I get the following error, when executing the aws cli command: aws ec2 describe-instances --filters "Name=instance-type,Values=m1.small":
A client error (AuthFailure) occurred when calling the DescribeInstances operation: AWS was not able to…

Dawny33
0 votes, 0 answers
Using SQS with MFA and temporary STS credentials in dev environment
I'm trying to use an MFA-protected SQS queue from a Node.js application.
The code looks like this:
var sts = new AWS.STS(),
awsSerialNumber = process.env.AWS_MFA_SERIAL_NUMBER,
awsTokenCode = process.env.AWS_MFA_TOKEN;
sts.getSessionToken({
…

sebasmagri
0 votes, 1 answer
Amazon Cognito: How to pass credentials to server-side application
I have a client-side application (developed in Java, not Android) that authenticates a user with an Amazon Cognito User Pool. To make things clear: that application displays a username/password entry dialog, then authenticates with the Cognito user…

James
0 votes, 0 answers
Amazon Web Services: Assume role with SAML: Security Token Service Restrictions
We are implementing SAML-based federation with AWS to access an S3 bucket.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
There is a security flaw with this approach. If we do STS:AssumeRole, anyone can debug, get SAML…

Naren Karanam
0 votes, 1 answer
Accessing AWS S3 with temporary credentials
Hi, I have an application written in Scala (distributed system - Spark) and I need to have read access to my S3 bucket.
I have access to this bucket through the AWS console using an IAM user and I want to gain temporary credentials to that bucket using…

user_s
0 votes, 1 answer
How can I use an AWS temporary security credential just one time?
I want to send temporary security credentials to a user who can use this credential just one time, and after that it will be disabled.
When I want to create temporary security credentials, I only have the option to specify an expiry time. But I…

Mohamed Ali Abidi
0 votes, 1 answer
How to Generate AWS DynamoDB Credential Key with STS API which is Limited to Insert and Update One Key/Row
Amazon's STS allows creating credentials for DynamoDB. I do know how to create time-limited (15min - 1h) credential keys.
However I was wondering whether it is possible to generate a DynamoDB key which is allowed/limited to insert and update only…

Manuel
0 votes, 1 answer
Amazon STS as Token Vending Machine: Is User Session Management a valid Use Case?
Recently I read this article:
http://aws.amazon.com/articles/SDKs/Android/4611615499399490
Now my question is...
Can the Amazon STS (Security Token Service) be used as a Token Vending Machine to manage user sessions for clients of a Web Server (As…

Hari Krishna Ganji