Examining the AWS Security Token Service (STS)

AWS Security Token Service (STS) allows you to request temporary credentials that allow access to AWS resources in your AWS account. Policies associated with the credentials allow you to restrict privileges.

Learning how and when to use AWS STS will make you more effective at understanding and implementing secure solutions in the public AWS cloud.

In this lab, you will examine the AWS STS API, you will use it to generate temporary credentials.

Learning Objectives

Upon completion of this beginner-level lab, you will be able to:

• Use the AWS CLI to check your current credentials
• Use the AWS CLI to assume an AWS IAM role
• Implement a simple Python web application that assumes an IAM role using AWS STS

Intended Audience

• Candidates for the AWS Certified Developer Associate certification
• Cloud Architects
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• AWS Security Token Service (STS)
• AWS Identity and Access Management (IAM)
• The AWS command-line interface (CLI)
• The Python scripting language

The following content can be used to fulfill the prerequisite:

• Using AWS Identity Federation to Simplify Access at Scale
• How AWS IAM is Used to Securely Manage Access
• How to Use the AWS Command-Line Interface
• Python for Beginners

Updates

April 25th, 2023 - Updated information regarding duration defaults for temporary security credentials