Returns a set of temporary credentials for an AWS account or IAM user. The credentials
consist of an access key ID, a secret access key, and a security token. Typically,
if you want to use MFA to protect programmatic
calls to specific AWS APIs like Amazon EC2
IAM users would need to call
and submit an MFA code
that is associated with their MFA device. Using the temporary security credentials
that are returned from the call, IAM users can then make programmatic calls to
APIs that require MFA authentication.
Copy action must be called by using the long-term AWS
security credentials of the AWS account or an IAM user. Credentials that are
created by IAM users are valid for the duration that you specify, between 900
seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created
by using account credentials have a maximum duration of 3600 seconds (1 hour).
We recommend that you do not call
Copy with root account credentials.
Instead, follow our best
practices by creating one or more IAM users, giving them the necessary permissions,
and using IAM users for everyday interaction with AWS.
The permissions associated with the temporary security credentials returned by
Copy are based on the permissions associated with account
or IAM user whose credentials are used to call the action. If
is called using root account credentials, the temporary credentials have root
account permissions. Similarly, if
Copy is called using
the credentials of an IAM user, the temporary credentials have the same permissions
as the IAM user.
For more information about using
Copy to create temporary
credentials, go to Creating Temporary Credentials to Enable Access for IAM Users
in Using Temporary Security Credentials.
The response from the GetSessionToken service method, as returned by SecurityTokenService.
(Module: AWSSDK) Version: 184.108.40.206 (220.127.116.11)