IuriiO Notebook
Security Token Service
  • Grants users limited and temporary access to AWS resources. Users can come from these sources:
    • Federation (typically Active Directory)
      • Uses Security Assertion Markup Language (SAML)
      • Grants temporary access based off the user Active Directory credentials
      • Does not need to be a user in IAM
      • Single sign on allows users to login to AWS console without assigning IAM credentials
    • Federation with mobile apps
      • Use Facebook / Google / Amazon or other OpenID providers to login.
    • Cross account access
      • Let's users from one AWS account access resources in another AWS account
Copy link