The aws sts command is part of the AWS Command Line Interface (CLI) and talks to the AWS Security Token Service (STS). STS issues temporary, limited-privilege security credentials (an access key ID, a secret access key and a session token) for IAM (Identity and Access Management) users or federated users.
Here’s an overview of the aws sts command and its functionality:
- Requesting Temporary Credentials: The primary purpose of the aws sts command is to request temporary security credentials. They expire automatically (by default after one hour for an assumed role, adjustable with --duration-seconds up to the role's maximum session duration), so a leaked credential has a bounded lifetime and nothing has to be rotated by hand. Every request is returned as the same three-part set: access key ID, secret access key and session token.
- IAM Users: An IAM user can assume an IAM role with aws sts assume-role and receive temporary credentials that carry the role's permissions, not the user's own. Which roles a user may assume is governed by each role's trust policy and by the user's own sts:AssumeRole permissions, so this is the mechanism for granting elevated or cross-team access on demand instead of attaching broad permissions to the user permanently.
- Federated Users: AWS STS also supports federated users, who are authenticated by an external identity provider (IdP) rather than as IAM users, for example a SAML 2.0 IdP such as Active Directory Federation Services (AD FS) or an OpenID Connect provider such as Amazon Cognito. The matching subcommands are aws sts assume-role-with-saml and aws sts assume-role-with-web-identity, which exchange the IdP's assertion or token for temporary credentials; aws sts get-federation-token covers the older broker pattern in which an IAM user's long-lived credentials are used to mint scoped-down credentials for the broker's own users.
- Cross-Account Access: With AWS STS you can request temporary credentials for resources in another AWS account by assuming a role that lives in that account. Both sides must agree: the role's trust policy in the target account must name the source account or principal, and the source principal must be allowed sts:AssumeRole on that role ARN. When a third party assumes into your account, require an external ID (--external-id, checked by an sts:ExternalId condition in the trust policy) to prevent the confused-deputy problem.
- MFA Authentication: AWS STS supports Multi-Factor Authentication (MFA) as an additional factor. aws sts assume-role and aws sts get-session-token accept --serial-number (the MFA device's serial or ARN) and --token-code; a role's trust policy can insist on it with the aws:MultiFactorAuthPresent condition key, in which case assume-role is refused without a valid code.
- Access Control: The aws sts command requires appropriate IAM permissions to perform STS operations. For assume-role two policies are evaluated: the role's trust policy (who may assume it, under what conditions) and the caller's identity-based policy (which role ARNs the caller may assume). Both can be used to restrict who obtains temporary credentials and which STS actions they may perform.
The aws sts command provides a convenient way to interact with the AWS Security Token Service from the command line. It allows you to request temporary security credentials for IAM users or federated users, enabling controlled and temporary access to AWS resources.
aws sts Command Examples
1. Get temporary security credentials by assuming a role (a session name is required; it becomes part of the assumed-role ARN and shows up in CloudTrail, so make it identify the caller or purpose):
# aws sts assume-role --role-arn aws_role_arn --role-session-name session_name
2. Show which identity (account ID, user ID and ARN) the current credentials belong to; run it after assuming a role to confirm that the ARN is the expected assumed-role session and not your long-lived user keys:
# aws sts get-caller-identity
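The two commands above are normally used together: assume a role (with MFA where the trust policy demands it), load the returned credentials into the environment, then confirm the identity with get-caller-identity. The script below is an added example, not code from the original page or from AWS. It builds the assume-role argument list, converts the JSON the CLI prints into export lines, and classifies a caller ARN so a script can refuse to proceed with the wrong identity. The role ARN, MFA serial, account ID and the sample JSON are constructed placeholders; the real aws invocation is shown in a comment and not executed.

```shell
#!/usr/bin/env bash
# Added example, not code from the original page. Wraps `aws sts assume-role`
# (optionally with MFA), turns its JSON output into `export` lines, and
# classifies the Arn that `aws sts get-caller-identity` returns.
# Role ARN, MFA serial, account ID and the sample JSON are constructed placeholders.
set -eu

# Build the argument list for `aws sts assume-role`. The MFA arguments are
# appended only when a serial is supplied, so one helper serves both cases.
build_assume_role_args() {
  local role_arn=$1 session_name=$2 mfa_serial=${3:-} token_code=${4:-}
  local args="sts assume-role --role-arn $role_arn --role-session-name $session_name --duration-seconds 3600"
  if [ -n "$mfa_serial" ]; then
    args="$args --serial-number $mfa_serial --token-code $token_code"
  fi
  printf '%s\n' "$args"
}

# Pull one string value out of the JSON on stdin. The CLI prints one key per
# line, which is all this sed expression relies on (it is not a JSON parser).
json_field() {
  sed -n "s/.*\"$1\": *\"\([^\"]*\)\".*/\1/p"
}

# Read assume-role JSON on stdin and print the three exports the CLI honours.
credentials_to_exports() {
  local json
  json=$(cat)
  printf 'export AWS_ACCESS_KEY_ID=%s\n'     "$(printf '%s\n' "$json" | json_field AccessKeyId)"
  printf 'export AWS_SECRET_ACCESS_KEY=%s\n' "$(printf '%s\n' "$json" | json_field SecretAccessKey)"
  printf 'export AWS_SESSION_TOKEN=%s\n'     "$(printf '%s\n' "$json" | json_field SessionToken)"
}

# Classify the Arn field of get-caller-identity: a deployment script can insist
# on "assumed-role" and bail out if it is running on long-lived user keys.
caller_kind() {
  case "$1" in
    arn:aws:iam::*:user/*)         echo user ;;
    arn:aws:sts::*:assumed-role/*) echo assumed-role ;;
    arn:aws:iam::*:root)           echo root ;;
    *)                             echo other ;;
  esac
}

# Real usage (not executed here; needs the CLI, a trust policy that allows you, and a current MFA code):
#   ROLE_ARN=arn:aws:iam::123456789012:role/AuditRole      # placeholder
#   MFA_SERIAL=arn:aws:iam::111122223333:mfa/alice          # placeholder
#   eval "$(aws $(build_assume_role_args "$ROLE_ARN" audit-session "$MFA_SERIAL" 123456) | credentials_to_exports)"
#   aws sts get-caller-identity    # Arn should now read arn:aws:sts::123456789012:assumed-role/AuditRole/audit-session

# Constructed sample of what `aws sts assume-role` prints; the key material is fake.
SAMPLE_JSON='{
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEKEYID1234",
        "SecretAccessKey": "exampleSecretKeyDoNotUse0000000000000000",
        "SessionToken": "exampleSessionToken0000000000",
        "Expiration": "2024-01-01T01:00:00+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROAEXAMPLEID:audit-session",
        "Arn": "arn:aws:sts::123456789012:assumed-role/AuditRole/audit-session"
    }
}'

# Demonstrate offline on the constructed sample.
printf '%s\n' "$SAMPLE_JSON" | credentials_to_exports
caller_kind "arn:aws:sts::123456789012:assumed-role/AuditRole/audit-session"
```

The exports are deliberately written to stdout rather than applied, so the caller decides whether to eval them into the current shell or redirect them into a file; eval-ing output from a command you have not checked is exactly the kind of thing a credential-handling script should make explicit.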