Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

JWT

The JWT (JSON Web Token) plugin provides an interface that uses JSON Web Tokens to assume an Amazon IAM role. The configuration depends on the identity provider. For information about configuring federation for Google Cloud and Amazon, see Configure workload identity federation with Amazon or Azure in the Google Cloud documentation.

Authentication type

Preferred role

The Amazon Resource Name (ARN) of the role to assume. For more information about ARN roles, see AssumeRole in the Amazon Security Token Service API Reference.

Session duration

The duration, in seconds, of the role session. For more information about session duration, see AssumeRole in the Amazon Security Token Service API Reference.

JSON web token

The JSON web token that is used to retrieve IAM temporary credentials using the AssumeRoleWithWebIdentity Amazon STS API action. For information about generating JSON web tokens for Google Cloud Platform (GCP) users, see Using JWT OAuth tokens in the Google Cloud documentation.

Role session name

A name for the session. A common technique is to use the name or identifier of the user of your application as the role session name. This conveniently associates the temporary security credentials that your application uses with the corresponding user.