Additional resources for temporary security credentials

The following scenarios and applications can guide you in using temporary security credentials:

How to integrate Amazon STS SourceIdentity with your identity provider. This post shows you how to set up the Amazon STS SourceIdentity attribute when using Okta, Ping, or OneLogin as your IdP.
OIDC federation. This section discusses how to configure IAM roles when you use OIDC federation and the AssumeRoleWithWebIdentity API.
Configuring MFA-protected API access. This topic explains how to use roles to require multi-factor authentication (MFA) to protect sensitive API actions in your account.

For more information on policies and permissions in Amazon see the following topics:

Access management for Amazon resources
Policy evaluation logic.
Managing Access Permissions to Your Amazon S3 Resources in Amazon Simple Storage Service User Guide.
To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles, see What is IAM Access Analyzer?.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Enabling custom identity broker access to the Amazon console

Tagging IAM resources