AWS STS is a web service that lets an application dynamically generate temporary security credentials with restricted permissions based on an IAM role. These temporary credentials can be generated for either an IAM user or a federated user, as we saw in the previous section on web identity federation.
Temporary security credentials that AWS STS generates for a trusted user can be used to control access to your AWS resources. They work in almost the same way as the long-term access key credentials used by IAM users, with a few differences:
- Temporary security credentials, as the name suggests, are for short-term use only. These credentials expire after a specific time.
- Temporary security credentials can be configured to expire after anywhere from a few minutes to several hours.
- After the credentials expire, AWS no longer recognizes them. Any API request made with expired credentials is denied.
- Temporary security credentials are not stored with the...
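
Because requests made with expired credentials are rejected, an application that uses STS has to renew its credentials before they lapse. The following is an added example, not code from the original text: a small cache that requests new credentials shortly before their `Expiration`. The five-minute margin, the class and function names, and the fake STS response in `demo()` are assumptions made for illustration; `assume_role` and its parameters are the real boto3 call.

```python
from datetime import datetime, timedelta, timezone

REFRESH_MARGIN = timedelta(minutes=5)  # assumption: renew 5 minutes before expiry

def assume_role_fetcher(role_arn, session_name, duration_seconds=900, session_policy=None):
    """Return a callable that requests fresh credentials through sts:AssumeRole."""
    def fetch():
        import boto3  # imported lazily so the cache logic below also runs offline
        kwargs = dict(RoleArn=role_arn, RoleSessionName=session_name,
                      DurationSeconds=duration_seconds)  # 900 s is the AssumeRole minimum
        if session_policy is not None:
            kwargs["Policy"] = session_policy  # JSON policy; can only narrow the role's permissions
        return boto3.client("sts").assume_role(**kwargs)["Credentials"]
    return fetch

class TemporaryCredentialCache:
    """Hands out cached temporary credentials and renews them before they expire."""
    def __init__(self, fetch, now=lambda: datetime.now(timezone.utc), margin=REFRESH_MARGIN):
        self._fetch, self._now, self._margin = fetch, now, margin
        self._creds = None

    def is_usable(self):
        return (self._creds is not None
                and self._now() + self._margin < self._creds["Expiration"])

    def get(self):
        if not self.is_usable():
            creds = self._fetch()
            if creds["Expiration"] <= self._now():
                raise RuntimeError("STS returned credentials that are already expired")
            self._creds = creds
        return self._creds

def demo():
    """Constructed offline run: fake clock, fake STS response with a 15-minute lifetime."""
    clock = {"t": datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)}
    calls = []
    def fake_fetch():
        calls.append(clock["t"])
        return {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed",
                "SessionToken": "constructed", "Expiration": clock["t"] + timedelta(minutes=15)}
    cache = TemporaryCredentialCache(fake_fetch, now=lambda: clock["t"])
    cache.get()                          # nothing cached yet: fetches
    clock["t"] += timedelta(minutes=9)
    cache.get()                          # 6 minutes left, above the margin: reused
    clock["t"] += timedelta(minutes=2)
    cache.get()                          # 4 minutes left, below the margin: renewed
    return len(calls)                    # number of STS requests made
```

Against a real account, `TemporaryCredentialCache(assume_role_fetcher(role_arn, "session-name"))` replaces the fake fetcher, with `role_arn` supplied by the caller.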