checklist.day

AWS STS (IAM)

JSON →
aws security

AWS Security Token Service (STS) grants temporary, limited-privilege credentials for IAM users or federated users.

Common permissions

sts:GetCallerIdentitysts:GetSessionTokensts:GetFederationTokensts:GetWebIdentityTokensts:GetAccessKeyInfosts:GetServiceBearerTokensts:TagSessionsts:GetDelegatedAccessToken

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:GetCallerIdentity",
        "sts:GetSessionToken",
        "sts:GetFederationToken",
        "sts:GetWebIdentityToken",
        "sts:GetAccessKeyInfo",
        "sts:GetServiceBearerToken",
        "sts:TagSession",
        "sts:GetDelegatedAccessToken"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/sts/sts.json ↗

API

full doc /v1/iam/sts