Questions tagged [aws-sts]

The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.

214 questions
3 votes, 1 answer

AWS restrict access to temporary credentials getSessionToken using StsClient

Business Scenario: There are multiple offices which have their own AWS S3 Buckets. No user from one office will have access to another office's S3 Bucket. Hence, for every office, there is an S3 Bucket and also an IAM user. Each IAM user has permission…
Adarsh Madrecha
3 votes, 1 answer

AWSSecurityTokenServiceException: Access denied. User is not authorized to perform sts:AssumeRole

I'm new to aws. I want to generate temporary credentials for aws call. And for that I use example from Making Requests Using IAM User Temporary Credentials - AWS SDK for Java Where I pass String clientRegion = ""; String roleARN =…
Nikolas
3 votes, 0 answers

Unable to sts:AssumeRoleWithWebIdentity for a Cognito user

I have a simple use case to authenticate a user using AWS Cognito and then assume a role to be able to do something useful (read from S3 in my case). Apparently I am missing something very obvious. I am using pure web http client with cognito…
gusto2
3 votes, 1 answer

Grant access to a single folder in the bucket by AWS STS token

I need to allow an anonymous user to access a single folder in the Amazon S3 bucket by providing an STS Token. I found a guide on how to provide access to user-specific folders in one bucket based on policies and policy variables. There you use…
3 votes, 3 answers

AWS temporary credentials — is the Expiration time in UTC?

I imagine this is likely, but I haven't found any explicit information saying that it's true. When receiving a Credentials object from AssumeRole, is the Expiration in UTC time?
Derek Hauffe
3 votes, 1 answer

obtaining AWS credentials using cognito in python boto

I'm trying to emulate the flow of my server application creating a temporary access/secret key pair for a mobile device using my own authentication. Mobile device talks to my server and end result is it gets AWS credentials. I'm using Cognito with a…
lollercoaster
3 votes, 0 answers

Determining an AWS arn from a federated user's credentials

How can you determine what federated user belongs to a set of credentials? I've seen some options for finding a regular user, but temporary credentials created by getting a federation token don't seem to work since they don't have GetUser…
thevarmint
2 votes, 0 answers

React Native & AWS Client STS

I am trying to get cross account credentials for AWS Client Secret Manager by calling main function in the file. I am getting an error saying Error: Credentials Missing I tried everything, except for putting the credentials and storing them on my…
2 votes, 1 answer

The provided policy document does not meet the requirements of the specified policy type

I am getting an error "The provided policy document does not meet the requirements of the specified policy type." while trying to create an SCP policy. The idea is to limit who can update the existing function and also who can pass the role for a new…
2 votes, 0 answers

`aws sts get-caller-identity` returns account info for previous account

i previously was using aws cli for an old account. since then, i've reconfigured the cli using aws configure and provided the access_key_id/secret_access_key associated w/ an entirely new account. however, when i run aws sts get-caller-identity, it…
2 votes, 0 answers

Unexpected exception AccessDenied: User: arn:aws:iam::123456789:user/abc is not authorized to perform: sts:AssumeRole on resource: arn:aws:chime

I have to generate a federated token using AWS STS for an authenticated Cognito User in the Cognito Pool. The problem is that when I run the code by following the documentation of aws-docs it returns me with this error: unexpected exception…
2 votes, 1 answer

How to query Assumed Role

My application generates this error message: arn:aws:sts::123456789012:assumed-role/my-service-role/aws-sdk-1111111111111 is not authorized to perform: secretsmanager:GetSecretValue How can I see more information about which roles or permissions…
Buh Buh
2 votes, 0 answers

How to connect to MinIo server using temporary credentials and AWS S3 client in C#?

I am able to connect to MinIo bucket and upload objects using AWS SDK and S3 client by passing MinIo credentials in C#. { AuthenticationRegion = RegionEndpoint.USEast1.SystemName, ServiceURL = minioURL, …
2 votes, 0 answers

AWS STS returns invalid token

By enabling MFA on an AMI the aws-cli is locked out as it requires a session token. Acquiring a session token is described here and here which looks really straightforward. So taking the next step I made a script out of those. ... aws iam…
Michael Michailidis
2 votes, 1 answer

AWS Java V2 SDK failing with connect timed out while getting token from STS service behind corporate proxy

I am trying to get AWS SDK V2 set up on my project. I want to use the DynamoDbAsyncClient from the V2 SDK. My AWS Configuration is as below: @Configuration public class AwsSdkV2Configuration { private static final String SESSION = "ddb_access"; …
shred22