Permissions in Temporary Security Credentials for IAM Users

When the AWS Security Token Service (STS) GetSessionToken API action is called to create temporary security credentials, the credentials returned in the response match those of the IAM user entity that made the call. The user can access only the AWS resources that are granted in the policy or policies that apply to that user.

For more information about IAM user permissions and policies, see Overview of Permissions.