AWS Security Token Service (STS)

AWS Security Token Service (STS) is the engine behind temporary credentials in AWS. Every time you assume a role, federate an external identity, or request session tokens, STS is doing the work. Understanding STS is essential for building secure architectures.

What is AWS STS?

STS is a global web service that provides temporary, limited-privilege security credentials. These credentials consist of three parts:

Component	Description
Access Key ID	Identifies the temporary credential
Secret Access Key	Used to sign requests
Session Token	Must be included with every request using temporary credentials

Temporary credentials work almost identically to permanent access keys, except:

They expire automatically after a configurable period.
They cannot be revoked individually — you revoke them by changing the role's permissions or the session policy.
They are not stored with the user — STS generates them on demand.

Why Use Temporary Credentials?

Temporary credentials are a cornerstone of AWS security best practices:

AWS Security Token Service (STS)

AWS Security Token Service (STS)

What is AWS STS?

Why Use Temporary Credentials?

More in Cloud