Difference between revisions of "Aws sts assume-role"
Jump to navigation
Jump to search
(20 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
− | https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role.html | + | <code>[[aws sts]] assume-role</code> ([https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role.html doc], [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html API ref]) Returns a set of [[temporary security credentials]] that you can use to access Amazon Web Services resources. |
− | |||
− | |||
− | |||
− | |||
− | + | * <code>[[aws sts]] assume-role [[--role-arn]] your_role</code> | |
− | + | * <code>[[aws sts]] assume-role [[--role-arn]] your_role [[--role-session-name]] XXXX</code> | |
+ | * <code>[[aws sts]] assume-role [[--role-arn]] your_role [[--role-session-name]] XXXX [[--serial-number]] yyyyy [[--token-code]] [[your-token]]</code> | ||
+ | * <code>[[aws sts get-session-token --profile]]</code> | ||
--role-arn <value> | --role-arn <value> | ||
Line 20: | Line 18: | ||
* <code>[[aws sts assume-role-with-saml]]</code> | * <code>[[aws sts assume-role-with-saml]]</code> | ||
* <code>[[sts:AssumeRole]]</code> | * <code>[[sts:AssumeRole]]</code> | ||
+ | * [[Maximum session duration]] | ||
+ | * <code>[[assumed-role/]]</code> | ||
+ | * <code>[[aws sts get-caller-identity]]</code> | ||
+ | * <code>[[aws iam get-role]]</code> | ||
== Activities == | == Activities == | ||
* [[Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication]] | * [[Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication]] | ||
+ | * [[Creating a role to delegate permissions to an IAM user]] | ||
== See also == | == See also == | ||
+ | * {{aws sts assume-role}} | ||
* {{aws sts}} | * {{aws sts}} | ||
+ | * {{AWS roles}} | ||
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 15:18, 3 January 2024
aws sts assume-role
(doc, API ref) Returns a set of temporary security credentials that you can use to access Amazon Web Services resources.
aws sts assume-role --role-arn your_role
aws sts assume-role --role-arn your_role --role-session-name XXXX
aws sts assume-role --role-arn your_role --role-session-name XXXX --serial-number yyyyy --token-code your-token
aws sts get-session-token --profile
--role-arn <value> --role-session-name <value> --duration-seconds <value> The maximum session duration setting can have a value from 1 hour to 12 hours --source-identity
Related[edit]
- AWS IAM role
aws iam enable-mfa-device
aws sts assume-role-with-saml
sts:AssumeRole
- Maximum session duration
assumed-role/
aws sts get-caller-identity
aws iam get-role
Activities[edit]
- Enhance programmatic access for IAM users using a YubiKey for multi-factor authentication
- Creating a role to delegate permissions to an IAM user
See also[edit]
aws sts assume-role
,assumed-role/, arn:aws:sts
- AWS STS
(sts:)
,aws sts
[get-session-token
|get-caller-identity
|assume-role | assume-role-with-web-identity | assume-role-with-saml | get-access-key-info ]
- AWS IAM role, AWS service roles, AWS IAM Roles Anywhere: [
list-roles | get-role | create-role | put-role-policy | create-service-linked-role | attach-role-policy | update-role | add-role-to-instance-profile ], aws ec2 describe-iam-instance-profile-associations ]
, IAM roles for EC2 instances,AWSServiceRoleForAutoScaling
Advertising: