Permissions for temporary security credentials
You can use Amazon Security Token Service (Amazon STS) to create and provide trusted users with temporary security credentials that can control access to your Amazon resources. For more information about Amazon STS, see Temporary security credentials in IAM. After Amazon STS issues temporary security credentials, they are valid through the expiration period and cannot be revoked. However, the permissions assigned to temporary security credentials are evaluated each time a request is made that uses the credentials, so you can achieve the effect of revoking the credentials by changing their access rights after they have been issued.
The following topics assume you have a working knowledge of Amazon permissions and policies. For more information on these topics, see Access management for Amazon resources.
Topics
- Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity
- Monitor and control actions taken with assumed roles
- Permissions for GetFederationToken
- Permissions for GetSessionToken
- Disabling permissions for temporary security credentials
- Granting permissions to create temporary security credentials
- Granting permissions to use identity-aware console sessions