Controlling permissions for temporary security credentials - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Controlling permissions for temporary security credentials

You can use Amazon Security Token Service (Amazon STS) to create and provide trusted users with temporary security credentials that can control access to your Amazon resources. For more information about Amazon STS, see Temporary security credentials in IAM. After Amazon STS issues temporary security credentials, they are valid through the expiration period and cannot be revoked. However, the permissions assigned to temporary security credentials are evaluated each time a request is made that uses the credentials, so you can achieve the effect of revoking the credentials by changing their access rights after they have been issued.

The following topics assume you have a working knowledge of Amazon permissions and policies. For more information on these topics, see Access management for Amazon resources.