Additional resources for temporary security credentials
The following scenarios and applications can guide you in using temporary security credentials:
- How to integrate Amazon STS SourceIdentity with your identity provider. This post shows you how to set up the Amazon STS SourceIdentity attribute when using Okta, Ping, or OneLogin as your IdP.
- About web identity federation. This section discusses how to configure IAM roles when you use web identity federation and the AssumeRoleWithWebIdentity API.
- Configuring MFA-protected API access. This topic explains how to use roles to require multi-factor authentication (MFA) to protect sensitive API actions in your account.
- Token Vending Machine for Identity Registration. This sample Java web application uses the GetFederationToken API to serve temporary security credentials to remote clients.
For more information on policies and permissions in Amazon, see the following topics:
- Managing Access Permissions to Your Amazon S3 Resources in the Amazon Simple Storage Service User Guide.
- To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles, see What is IAM Access Analyzer?.