STS

Grants users limited and temporary access to AWS resources. Users can come from these sources:

• Federation (typically Active Directory)

  • Uses Security Assertion Markup Language (SAML)

  • Grants temporary access based off the user Active Directory credentials

  • Does not need to be a user in IAM

  • Single sign on allows users to login to AWS console without assigning IAM credentials

• Federation with mobile apps

  • Use Facebook / Google / Amazon or other OpenID providers to login.

• Cross account access

  • Let's users from one AWS account access resources in another AWS account