AWS SDK for .NET Documentation
GetSessionToken Method
AmazonAmazon.SecurityTokenAmazonSecurityTokenServiceGetSessionToken()()()() Did this page help you?   Yes   No    Tell us about it...
Members
IconMemberDescription
GetSessionToken()()()()
Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use
CopyC#
GetSessionToken
if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2
CopyC#
StopInstances
. MFA-enabled IAM users would need to call
CopyC#
GetSessionToken
and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication.

The

CopyC#
GetSessionToken
action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using account credentials have a maximum duration of 3600 seconds (1 hour).

Note:

We recommend that you do not call

CopyC#
GetSessionToken
with root account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The permissions associated with the temporary security credentials returned by

CopyC#
GetSessionToken
are based on the permissions associated with account or IAM user whose credentials are used to call the action. If
CopyC#
GetSessionToken
is called using root account credentials, the temporary credentials have root account permissions. Similarly, if
CopyC#
GetSessionToken
is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using

CopyC#
GetSessionToken
to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using Temporary Security Credentials.


GetSessionToken(GetSessionTokenRequest)
Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use
CopyC#
GetSessionToken
if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2
CopyC#
StopInstances
. MFA-enabled IAM users would need to call
CopyC#
GetSessionToken
and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication.

The

CopyC#
GetSessionToken
action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using account credentials have a maximum duration of 3600 seconds (1 hour).

Note:

We recommend that you do not call

CopyC#
GetSessionToken
with root account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The permissions associated with the temporary security credentials returned by

CopyC#
GetSessionToken
are based on the permissions associated with account or IAM user whose credentials are used to call the action. If
CopyC#
GetSessionToken
is called using root account credentials, the temporary credentials have root account permissions. Similarly, if
CopyC#
GetSessionToken
is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using

CopyC#
GetSessionToken
to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using Temporary Security Credentials.


Assembly: AWSSDK (Module: AWSSDK) Version: 1.5.60.0 (1.5.60.0)