sts

16 actions in the sts service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.

sts:AssumeRole

Write

Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to

sts:AssumeRoleWithSAML

Write

Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response

sts:AssumeRoleWithWebIdentity

Write

Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider

sts:AssumeRoot

Write

Grants permission to obtain a set of temporary security credentials that you can use to perform privileged tasks in member accounts in your organization

sts:DecodeAuthorizationMessage

Write

Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request

sts:GetAccessKeyInfo

Read

Grants permission to obtain details about the access key id passed as a parameter to the request

sts:GetCallerIdentity

Read

Grants permission to obtain details about the IAM identity whose credentials are used to call the API

sts:GetDelegatedAccessToken

Write

Returns temporary security credentials for accessing an AWS account after temporary delegation request approval. This API requires the tradeInToken provided upon request delegation approval and is intended to be used only by Amazon or AWS Partners

sts:GetFederationToken

Read

Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user

sts:GetServiceBearerToken

Read

Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user

sts:GetSessionToken

Read

Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user

sts:GetWebIdentityToken

Write

Grants permission to obtain a short-lived, publicly verifiable JSON Web Token (JWT) that represents the calling IAM principal's identity

sts:SetContext

Write

Grants permission to set context keys on a STS session

sts:SetSourceIdentity

Write

Grants permission to set a source identity on a STS session

sts:TagGetWebIdentityToken

Tagging

Grants permission to add tags to the JSON Web Token (JWT) generated by the GetWebIdentityToken API

sts:TagSession

Tagging

Grants permission to add tags to a STS session