hands-on lab

Examining the AWS Security Token Service (STS)

Up to 1h
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.


AWS Security Token Service (STS) allows you to request temporary credentials that allow access to AWS resources in your AWS account. Policies associated with the credentials allow you to restrict privileges.

Learning how and when to use AWS STS will make you more effective at understanding and implementing secure solutions in the public AWS cloud.

In this lab, you will examine the AWS STS API and use it to generate temporary credentials.

Learning Objectives

Upon completion of this beginner-level lab, you will be able to:

  • Use the AWS CLI to check your current credentials
  • Use the AWS CLI to assume an AWS IAM role
  • Implement a simple Python web application that assumes an IAM role using AWS STS

Intended Audience

  • Candidates for the AWS Certified Developer Associate certification
  • Cloud Architects
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Security Token Service (STS)
  • AWS Identity and Access Management (IAM)
  • The AWS command-line interface (CLI)
  • The Python scripting language

The following content can be used to fulfill the prerequisite:


April 25th, 2023 - Updated information regarding duration defaults for temporary security credentials 

Environment before

Environment after

About the author


Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Lab steps

  • Determining When to Use AWS STS
  • Logging In to the Amazon Web Services Console
  • Connecting to the Virtual Machine Using EC2 Instance Connect
  • Touring the AWS Security Token Service
  • Simulating Federation with AWS STS