AWS Security Token Service
Using Temporary Security Credentials (API Version 2011-06-15)
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

AWS Services that Support AWS Security Token Service (AWS STS)

This topic describes the AWS products that support requests made using the temporary security credentials that are generated by AWS STS API actions.

For information about how to use temporary security credentials with the AWS SDKs or when making API calls, see Using Temporary Security Credentials.

List of AWS Services that Support AWS STS

AWS ProductSupports Temporary Security Credentials?

AWS Billing and Cost Management

No
Amazon AppStreamYes
Auto ScalingYes

AWS CloudFormation

Yes

Amazon CloudFront

Yes

AWS CloudHSM

No
Amazon CloudSearchYes
AWS CloudTrailYes

Amazon CloudWatch

Yes
AWS Data PipelineYes
AWS Direct ConnectYes

Amazon DynamoDB

Yes

AWS Elastic Beanstalk

No

Amazon Elastic Compute Cloud (Amazon EC2)

Yes

Elastic Load Balancing

Yes

Amazon Elastic MapReduce (Amazon EMR)

No
Amazon Elastic TranscoderYes

Amazon ElastiCache

Yes
Amazon Flexible Payments Service (Amazon FPS)No
Amazon Fulfillment Web Service (Amazon FWS)No
Amazon GlacierYes

AWS Identity and Access Management (IAM)

Yes; see below
AWS Import/ExportYes

Amazon Kinesis

Yes

AWS Marketplace

Yes

AWS Marketplace Management Portal

No
Amazon Mechanical TurkNo
AWS OpsWorksYes
Amazon RedshiftYes

Amazon Relational Database Service (Amazon RDS)

Yes

Amazon Route 53

Yes

AWS Security Token Service

Yes; see below

Amazon Simple Email Service (Amazon SES)

Yes

Amazon Simple Notification Service (Amazon SNS)

Yes

Amazon Simple Queue Service (Amazon SQS)

Yes

Amazon Simple Storage Service (Amazon S3)

Yes

Amazon Simple Workflow Service (Amazon SWF)

Yes

Amazon SimpleDB

Yes

AWS Storage Gateway

Yes

AWS Support

No

Amazon Virtual Private Cloud (Amazon VPC)

Yes

Amazon WorkSpaces

No
  • IAM. Supports AssumeRole, AssumeRoleWithWebIdentity, and AssumeRoleWithSAML. If you use GetFederationToken, you can access IAM when using single sign-on to the AWS Management Console, but not from the API or CLI. For more information, see Giving Federated Users Direct Access to the AWS Management Console. You cannot use temporary security credentials from GetSessionToken to call any IAM APIs.

  • AWS STS. You can use the temporary security credentials that you get from the AssumeRole, AssumeRoleWithWebIdentity, or AssumeRoleWithSAML call to make subsequent calls to AssumeRole; however, you cannot use those credentials to call GetFederationToken or GetSessionToken. You cannot use the temporary security credentials from GetFederationToken or GetSessionToken to call any STS APIs. You cannot use temporary security credentials from GetSessionToken to call any IAM APIs.

Additional Information About Using AWS STS with Other AWS Services

For more information about using AWS STS with other AWS services, see the following links: