Additional resources for temporary security credentials

The following scenarios and applications can guide you in using temporary security credentials:

How to integrate Amazon STS SourceIdentity with your identity provider. This post shows you how to set up the Amazon STS SourceIdentity attribute when using Okta, Ping, or OneLogin as your IdP.
About web identity federation. This section discusses how to configure IAM roles when you use web identity federation and the AssumeRoleWithWebIdentity API.
Configuring MFA-protected API access. This topic explains how to use roles to require multi-factor authentication (MFA) to protect sensitive API actions in your account.
Token Vending Machine for Identity Registration. This sample Java web application uses the GetFederationToken API to serve temporary security credentials to remote clients.

For more information on policies and permissions in Amazon see the following topics:

Access management for Amazon resources
Policy evaluation logic.
Managing Access Permissions to Your Amazon S3 Resources in Amazon Simple Storage Service User Guide.
To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles, see What is IAM Access Analyzer?.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Sample applications that use temporary credentials

Log events with CloudTrail