STS

Security Token Service

API

AssumeRole

aws sts assume-role

Once the request is successful, AWS generates and returns temporary credentials consisting of

  • an access key ID

  • a secret access key

  • a security token.

DecodeAuthorizationMessage

aws sts decode-authorization-message --encoded-message <encodedMessage>

This command will return a decoded message in JSON format that contains details about the unauthorized request:

  • the user

  • the action they attempted to perform

  • any conditions that contributed to the denial.
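A sketch of reading that decoded output, added here as an example and not part of the original notes. The response below is a constructed sample, and the field names (`DecodedMessage`, `explicitDeny`, `context`, `conditions`) are an assumption about the JSON layout that these notes do not list.

```python
import json

# Constructed sample of the CLI's JSON output; the account ID, user and
# condition values are made up for illustration.
SAMPLE_CLI_OUTPUT = json.dumps({
    "DecodedMessage": json.dumps({
        "allowed": False,
        "explicitDeny": True,
        "context": {
            "principal": {
                "id": "AIDAEXAMPLEID",
                "arn": "arn:aws:iam::111122223333:user/example-user",
            },
            "action": "ec2:RunInstances",
            "resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
            "conditions": {"items": [
                {"key": "ec2:InstanceType",
                 "values": {"items": [{"value": "m5.24xlarge"}]}},
                {"key": "aws:Region",
                 "values": {"items": [{"value": "us-east-1"}]}},
            ]},
        },
    })
})


def summarize_denial(cli_output: str) -> dict:
    """Flatten decode-authorization-message output into who / what / why."""
    outer = json.loads(cli_output)
    # DecodedMessage is itself JSON serialized as a string: parse it again.
    decoded = json.loads(outer["DecodedMessage"])
    ctx = decoded.get("context", {})
    conditions = {
        item["key"]: [v["value"] for v in item.get("values", {}).get("items", [])]
        for item in ctx.get("conditions", {}).get("items", [])
    }
    return {
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        # True: a policy statement denied the call. False: nothing allowed it.
        "denial_type": "explicit" if decoded.get("explicitDeny") else "implicit",
        "conditions": conditions,
    }


if __name__ == "__main__":
    print(json.dumps(summarize_denial(SAMPLE_CLI_OUTPUT), indent=2))
```

The explicit/implicit split tells you whether to look for a Deny statement to change or an Allow statement that is missing.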

Trivia

  • AWS STS can’t be accessed from the AWS console; it is only accessible through the API.

  • All STS requests go to a single endpoint at https://sts.amazonaws.com/, and logs are then recorded to AWS CloudTrail.
