The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.
Questions tagged [aws-sts]
214 questions
6 votes, 1 answer
How secret is the session token in AWS temporary security credentials?
I want to generate pre-signed S3 URLs using temporary security credentials (my program is running on an EC2 host that has an IAM role attached with the policies I want).
I saw on the docs for how to create a signed request that I am supposed to…

CDOct
6 votes, 2 answers
Amazon Bucket Policy for only mobile app access
I have a bucket in Amazon S3 and I set data inside read only for everyone. However, this is not what I want. I would like that data to be accessible only from my mobile application and restrict it to download by url.
Is that possible? If so, how to…

birdcage
5 votes, 1 answer
Does WebIdentityTokenCredentialsProvider need STS module?
I just debugged a strange problem with the AWS Java SDK:
Running a pod in AWS EKS using the WebIdentityTokenCredentials (which the service account provides) only works if the STS module of the SDK is in the classpath.
Can somebody confirm? This is…

Lukas Lentner
5 votes, 4 answers
CDK DnsValidatedCertificate: Can create a certificate in a linked AWS account, when the hosted zone is part of the parent account?
I'm trying to use AWS' Cloud Development Kit to create an SSL certificate for some sub-subdomains of my website. The trouble is that I'm using AWS Organizations and the relevant resources belong to different AWS accounts. The hosted zone for my…

carpiediem
4 votes, 1 answer
DynamoDB access management cross-account cross-region
I have this situation: a DynamoDB table in region X account A and a Lambda function in region Y account B, and I want to write to that DynamoDB table using the Lambda function.
What I did so far:
add a role in account B with the policy for using…

Sabrine Mihni
4 votes, 1 answer
How to use assume_role_with_web_identity auth for aws-fog S3 storage in Ruby on Rails?
I have kubernetes setup with STS and it works fine with sdk for sqs, sns etc. I need to use STS auth with fog-aws gem to download/list files and I can do it with ruby aws-sdk-s3 but I use carrierwave gem so I am trying to figure it out using…

pramodtech
4 votes, 2 answers
AWS SDK v2 STS - BootstrapMethodError: call site initialization exception caused by LambdaConversionException
I am trying to use the STS service for onboarding and I get LambdaConversionException @resolveCredentials
StsClient stsClient = StsClient.builder().credentialsProvider(sp_StaticCredentialsProvider).build();
StsAssumeRoleCredentialsProvider…

SDS
4 votes, 3 answers
AWS STS token refresh with existing token received from AssumeRoleWithSAML
I have a use-case where I need to have temporary AWS STS token made available for each authenticated user (auth using company IDP). These tokens will be used to push some data in AWS S3. I am able to get this flow, by using SAML assertion in IDP…

Rohan Pandit
3 votes, 1 answer
Assuming roles when logged in via IAM Identity Center
I have an AWS multi-account setup where I use IAM Identity Center to manage users and control access. I'm using a managed AWS role to grant view-only access. When I'm logged into one of these accounts (let's call it prod), I'd like to be able to use…

Kasper Middelboe Petersen
3 votes, 1 answer
How to generate AWS credential report for all accounts in an organization
I am looking to generate an AWS credential report for all the accounts under an organization. Is there any way to generate the consolidated report of accounts?
I know we can generate a credential report per account (one) under an organization as per…

Harry
3 votes, 3 answers
Access AWS session token from profile with DefaultCredentialsProvider
My AWS profile in ~/.aws/credentials contains session credentials created by STS.
[default]
aws_session_token=XXX
aws_access_key_id=XXX
aws_secret_access_key=XXX
I am trying to access these credentials using the AWS SDK Java v2
Using the…

user5633550
3 votes, 2 answers
AWS Amplify - CognitoIdentityCredentials is not authorized to perform: sts:AssumeRole on resource
I have an Amplify App using Nuxt. When a user logs in via cognito the app tries to use STS to transfer to another role to get a QuickSight Dashboard Embed Url following this AWS blog post.
So I have a role with this policy:
{
"Version":…

av0000
3 votes, 1 answer
Configure AWS EMR spark with aws sts assume-role
I am trying to read a file from an S3 bucket which is in another AWS account.
Steps:
Generated access id, access key secret and token using aws sts assume-role command
Set following variables:
export AWS_ACCESS_KEY_ID=
export…

bob
3 votes, 1 answer
SignatureDoesNotMatch when overriding STS API endpoint in Terraform
I am running Terraform in AWS region us-west-2 (Oregon) in a private VPC. Because of this I am using VPC endpoints to expose the STS API and am overriding this endpoint in Terraform as follows:
provider "aws" {
endpoints {
sts =…

dippynark
3 votes, 1 answer
aws sts maximum number of concurrent tokens
I was wondering is there a maximum limit on concurrent temporary security credentials generated via STS for a specific IAM role. i.e., first user gets these temporary credentials for 12 hours, second one does the same, how scalable is this approach…

Phoenix