|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
AWS determines what permissions to associate with temporary security credentials at the time
that the credentials are created. For example, the permissions for the temporary security
credentials are bound to either the role that was assumed (
AssumeRoleWithWebIdentity) or to the IAM user that made the request
GetSessionToken). The temporary
security credentials are not bound to a set of static permissions when the credentials are
created. Instead, the effective permissions are evaluated when a request is made that uses
the credentials, based on the current permissions of the associated IAM user or role that
the temporary security credentials are bound to.
After temporary security credentials have been issued, they are valid through the expiration period and cannot be revoked. However, because the permissions for the temporary credentials are checked for each request, you can change the effective permissions for the temporary security credentials by editing (or deleting) the policy or policies that describe the permissions for the role or user. In effect, you can change the access rights for those credentials even after the credentials have been issued.
This section describes what you need to know about granting permissions in temporary security credentials, and how to update or disable permissions after temporary security credentials have been issued.