Secure Token Service (STS)

  • Request temporary, limited-privilege credentials for IAM users or federated users
  • Identity federation
    1. User logs in with username/password
    2. Credentials are passed to an identity broker (IB)
    3. IB validates them against an identity store, e.g., Active Directory
    4. If valid, IB contacts STS
    5. STS issues an access key, secret key, and session token
    6. User uses these to log in to the AWS Console or CLI
  • SAML
    1. User opens the identity provider (IdP) login page, enters username/password, and selects the appropriate application
    2. IdP validates credentials and permissions and returns a SAML assertion to the user
    3. User POSTs the assertion to the SaaS application; the service provider validates the assertion
    4. Service provider creates temporary credentials and returns them to the user
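Steps 5 and 6 of the federation flow (STS hands back an access key, secret key and session token, which the user then feeds to the CLI) are easy to get wrong on the consuming side: a script that silently drops the session token or keeps using credentials past their expiry defeats the point of short-lived access. The following is an added example, not code from the original notes or from AWS; it parses a constructed sample in the shape of an STS AssumeRole-style response, refuses payloads that are incomplete or already expired, flags key IDs that do not look temporary, and emits the environment exports the AWS CLI reads. The key values are placeholders.

```python
"""
Consume the credential block that STS returns for a federated or
role-assumption request and prepare it for the AWS CLI.

Added example, not from the original notes. SAMPLE_STS_RESPONSE is a
constructed sample in the shape of an STS response ("Credentials" plus
"AssumedRoleUser"); every key value is a placeholder, not a real secret.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample response; field names match the real STS shape.
SAMPLE_STS_RESPONSE = json.dumps({
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEPLACEHOLDER",
        "SecretAccessKey": "placeholder-secret-key-not-real",
        "SessionToken": "placeholder-session-token-not-real",
        "Expiration": "2030-01-01T01:00:00Z",
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROAEXAMPLEID:session-name",
        "Arn": "arn:aws:sts::123456789012:assumed-role/ExampleRole/session-name",
    },
})

REQUIRED_FIELDS = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")


class CredentialError(ValueError):
    """Raised when an STS payload cannot be used safely."""


def parse_sts_credentials(raw, now=None):
    """Validate an STS JSON response and return the usable credential parts.

    Returns a dict with the three credential components, the expiry as an
    aware datetime, and the remaining lifetime in seconds. Raises
    CredentialError when a field is missing or the credentials have expired.
    """
    now = now or datetime.now(timezone.utc)
    creds = json.loads(raw).get("Credentials", {})
    for field in REQUIRED_FIELDS:
        if not creds.get(field):
            # A missing SessionToken is the classic mistake: without it the
            # access key/secret pair is useless, and it must never be
            # "fixed" by falling back to long-lived IAM user keys.
            raise CredentialError(f"STS response missing {field}")

    # Temporary access key IDs issued by STS start with "ASIA"; "AKIA"
    # denotes a long-lived IAM user key, which should not appear here.
    if not creds["AccessKeyId"].startswith("ASIA"):
        raise CredentialError("AccessKeyId does not look like a temporary STS key")

    # CLI output may use a trailing "Z" or an explicit "+00:00" offset.
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        raise CredentialError("temporary credentials have already expired")

    return {
        "access_key_id": creds["AccessKeyId"],
        "secret_access_key": creds["SecretAccessKey"],
        "session_token": creds["SessionToken"],
        "expires_at": expires,
        "seconds_remaining": int(remaining.total_seconds()),
    }


def to_env_exports(parsed):
    """Render shell exports using the variable names the AWS CLI honours."""
    return "\n".join([
        f"export AWS_ACCESS_KEY_ID={parsed['access_key_id']}",
        f"export AWS_SECRET_ACCESS_KEY={parsed['secret_access_key']}",
        f"export AWS_SESSION_TOKEN={parsed['session_token']}",
    ])


if __name__ == "__main__":
    parsed = parse_sts_credentials(SAMPLE_STS_RESPONSE)
    print(f"credentials valid for {parsed['seconds_remaining']} more seconds")
    print(to_env_exports(parsed))
```

The expiry check is deliberately done on the consumer side rather than trusting that a cached credential file is still good: once the session expires, the only correct action is to go back through the broker and STS, not to retry with the stale token.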
