AWS Security Token Service
Using Temporary Security Credentials (API Version 2011-06-15)
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

AWS Services that Support AWS Security Token Service (AWS STS)

This topic describes the AWS products that support requests made using the temporary security credentials that are generated by AWS STS API actions.

For information about how to use temporary security credentials with the AWS SDKs or when making API calls, see Requesting AWS Resources Using Temporary Security Credentials.

List of AWS Services that Support AWS STS

AWS ProductSupports Temporary Security Credentials?

AWS Billing and Cost Management

Yes
Amazon AppStreamYes
Auto ScalingYes

AWS CloudFormation

Yes

Amazon CloudFront

Yes

AWS CloudHSM

No
Amazon CloudSearchYes
AWS CloudTrailYes

Amazon CloudWatch

Yes
AWS Data PipelineYes
AWS Direct ConnectYes

Amazon DynamoDB

Yes

AWS Elastic Beanstalk

No

Amazon Elastic Compute Cloud (Amazon EC2)

Yes

Elastic Load Balancing

Yes

Amazon Elastic MapReduce (Amazon EMR)

Yes
Amazon Elastic TranscoderYes

Amazon ElastiCache

Yes
Amazon Flexible Payments Service (Amazon FPS)No
Amazon Fulfillment Web Service (Amazon FWS)No
Amazon GlacierYes

AWS Identity and Access Management (IAM)

Yes; see below.
AWS Import/ExportYes

Amazon Kinesis

Yes

AWS Marketplace

Yes

AWS Marketplace Management Portal

No
Amazon Mechanical TurkNo
AWS OpsWorksYes
Amazon RedshiftYes

Amazon Relational Database Service (Amazon RDS)

Yes

Amazon Route 53

Yes

AWS Security Token Service

Yes; see below.

Amazon Simple Email Service (Amazon SES)

Yes

Amazon Simple Notification Service (Amazon SNS)

Yes

Amazon Simple Queue Service (Amazon SQS)

Yes

Amazon Simple Storage Service (Amazon S3)

Yes

Amazon Simple Workflow Service (Amazon SWF)

Yes

Amazon SimpleDB

Yes

AWS Storage Gateway

Yes

AWS Support

Yes; see below.

Amazon Virtual Private Cloud (Amazon VPC)

Yes

Amazon WorkSpaces

No
  • AWS Identity and Access Management (IAM): IAM's support for temporary security credentials (STS credentials) depends on how those credentials are obtained:

    • The STS credentials returned by calling GetFederationToken can access IAM when using single sign-on to the AWS Management Console, but not when using the API or CLI.

    • The STS credentials returned by calling GetSessionToken can access IAM when the GetSessionToken call included valid MFA authentication. When the GetSessionToken call did not include MFA authentication, the resulting STS credentials cannot be used to call any IAM APIs.

    • The STS credentials returned by calling AssumeRole, AssumeRoleWithWebIdentity, and AssumeRoleWithSAML can always access IAM.

  • AWS STS. You can use the temporary security credentials that you get from the AssumeRole, AssumeRoleWithWebIdentity, or AssumeRoleWithSAML call to make subsequent calls to AssumeRole; however, you cannot use those credentials to call GetFederationToken or GetSessionToken. You cannot use the temporary security credentials from GetFederationToken or GetSessionToken to call any STS APIs.

  • AWS Support. You can use temporary security credentials to call the AWS Support API, but you cannot use those credentials to access the Support Center or Trusted Advisor portals.

Additional Information About Using AWS STS with Other AWS Services

For more information about using AWS STS with other AWS services, see the following links: