AWS Security Token Service (STS) allows you to request temporary credentials that allow access to AWS resources in your AWS account. Policies associated with the credentials allow you to restrict privileges.
Learning how and when to use AWS STS will make you more effective at understanding and implementing secure solutions in the public AWS cloud.
In this lab, you will examine the AWS STS API, you will use it to generate temporary credentials.
Learning Objectives
Upon completion of this beginner-level lab, you will be able to:
- Use the AWS CLI to check your current credentials
- Use the AWS CLI to assume an AWS IAM role
- Implement a simple Python web application that assumes an IAM role using AWS STS
Intended Audience
- Candidates for the AWS Certified Developer Associate certification
- Cloud Architects
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Security Token Service (STS)
- AWS Identity and Access Management (IAM)
- The AWS command-line interface (CLI)
- The Python scripting language
The following content can be used to fulfill the prerequisite:
- Using AWS Identity Federation to Simplify Access at Scale
- How AWS IAM is Used to Securely Manage Access
- How to Use the AWS Command-Line Interface
- Python for Beginners
Updates
April 25th, 2023 - Updated information regarding duration defaults for temporary security credentials
Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.
He holds multiple AWS certifications including Solutions Architect Associate and Professional.