Security Token Service

  • Grants users limited and temporary access to AWS resources. Users can come from these sources:

    • Federation (typically Active Directory)

      • Uses Security Assertion Markup Language (SAML)

      • Grants temporary access based off the user Active Directory credentials

      • Does not need to be a user in IAM

      • Single sign on allows users to login to AWS console without assigning IAM credentials

    • Federation with mobile apps

      • Use Facebook / Google / Amazon or other OpenID providers to login.

    • Cross account access

      • Let's users from one AWS account access resources in another AWS account

Last updated