The AWS Security Token Service (STS) is a web service that lets you grant a trusted user temporary, limited-privilege credentials to access your Amazon Web Services (AWS) resources.
Questions tagged [aws-sts]
214 questions
2 votes, 0 answers
AWS CDK using MFA but without immediate expiration
Update 2021-07-09:
Invested a bit more time for testing and narrowed the problem to AWS CDK and NOT AWS CLI.
If I run aws s3 ls --profile dev a cache file is created under ~/.aws/cli/cache/ and everything is working. So my question was…

lony
2 votes, 1 answer
"profile file cannot be null" when trying to assume role from AWS Lambda
Please forgive me if my question is basic, but I am new to AWS. I am using Java to create a lambda function which can assume a role from another AWS account. I have created the role on the other account, created the role on this account to assume…

Alan
2 votes, 0 answers
Will the AWS SDK for C++ refresh the assumed role once the time for assumed role is expired using STS?
I have a use case where I have to assume a role using ARN to access S3 resource, but my concern is whether STS will automatically refresh the credentials once the time for assumed role is expired. The auto assuming role is present in Java AWS SDK…

yaswanth sai
2 votes, 1 answer
AWS SDK v3 Assume role for a client
I'm writing a Node JS app using AWS JS SDK v3. I am correctly using STS to assume role and retrieve credentials. The assume call response is such:
{
"$metadata": {
"httpStatusCode": 200,
"requestId": "xxx",
"attempts":…

Jan Horčička
2 votes, 1 answer
com.amazonaws.SdkClientException : Unable to execute HTTP request: sts.amazonaws.com in GetSessionToken
Not found the exact root cause. This is happening while executing GetSessionToken and it's inconsistent behavior. Does anyone know the root cause and possible fixes?
aws-java-sdk version 1.11.905
Executed code
AWSCredentials awsCredentials = new…

Dhaval Shah
2 votes, 2 answers
How to check if an AWS STS access token is valid
I have a lambda function that uses AWS STS to generate temporary credentials and then sends the access token via HTTP to a Web API in an EC2 instance.
Is there a way to validate the received access token from the API?

ayou392
2 votes, 1 answer
Exception when creating a role on Ceph Object Gateway using Java AWS SDK
I am trying to follow the Ceph documentation's examples to test its STS functionality using the Java AWS SDK (v 2.5.16). It is failing rather early on in the process when calling the IamClient's createRole method. The exception thrown…

Christoph
2 votes, 2 answers
EC2 Instance Metadata OR AWS STS for API Authentication? security best practice
Here is the use case.
I have an EC2 instance running the ServiceNow mid-server agent. EC2 instance has IAM_Role attached called "TestIAMRole" and assume role policy is attached to the role. I use this EC2 instance and ServiceNow mid-server agent to…

snowcoder
2 votes, 2 answers
How to use AWS cli to get access keys in an MFA context?
I'm developing a simple app that will run on an existing EC2 instance. The AWS account is secured with MFA. We use a main account and assume a role into our target account for personal access.
The app only deals with the MFA when I'm developing…

Josh Russo
2 votes, 1 answer
Does Role Session Name in AWS assume role have to be unique?
AWS documentation says that role session name is used to uniquely identify a session. So what happens if I have 2 instances of my application running which assume the role with the same session?

Yeetesh Pulstya
2 votes, 1 answer
Using aws STS to get temporary credentials: Where is the web identity token?
My users log in to my application through a microservice that connects to Cognito (the request is proxied via API Gateway).
They get a session token.
Once logged in, they need to put some files to S3.
I want to give them temporary credentials using…

gyc
2 votes, 1 answer
STS Get Caller Identity C++
On the command line I'm able to run this AWS CLI command to get the AWS UserId being used on my local machine
$ aws sts get-caller-identity
{
"UserId": "123456789:john.doe",
"Account": "123456789",
"Arn":…

Kyle Bridenstine
2 votes, 0 answers
Use STS credentials to access S3 content via CloudFront
Summary
I have a platform running in AWS which is exposed via REST APIs backed by AWS Lambda. The platform stores metadata in DynamoDB and content in S3. Users are authenticated by Cognito and are stored in a User Pool. The platform manages…

Stuart Leyland-Cole
2 votes, 1 answer
How to assume role which is passed from an AWS Config rule in Python
I am trying to centrally manage the Lambda function for the custom Config rule which is running in the child account. The Lambda function will assume the role which is passed to the Config rule as a parameter.
I am following How to Centrally Manage AWS…

RMish
2 votes, 0 answers
How to verify a payload signed using AWS temporary credentials and identify the principal?
I am implementing a solution on AWS where on-premise clients (producers) are sending messages to an AWS SQS queue.
AWS IAM temporary credentials are used by AWS to authenticate clients on SQS API calls (SigV4).
The consumer application on AWS that…

Yossi Cohen