{"id":2943,"date":"2019-08-30T09:50:32","date_gmt":"2019-08-30T09:50:32","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2943"},"modified":"2020-05-01T10:57:08","modified_gmt":"2020-05-01T10:57:08","slug":"security-token-service-2","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/","title":{"rendered":"Security Token Service"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>STS provides temporary credentials for AWS resource access<\/li><li>Users can use STS from the following sources:\n<ul>\n<li>Federation using Active Directory:\n<ul>\n<li>Requires SAML<\/li>\n<li>Temporary credentials are issued based on the user\u2019s AD credentials<\/li>\n<li>An IAM user is not needed<\/li>\n<li>With SSO, users can also sign in to the AWS console without any IAM credentials<\/li>\n<\/ul>\n<\/li>\n<li>Federation of mobile apps with web identity federation:\n<ul>\n<li>Web federation from Facebook\/Amazon\/Google\/other OpenID providers<\/li>\n<\/ul>\n<\/li>\n<li>Cross Account Access:\n<ul>\n<li>Users from one AWS account are granted access to resources in another account<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li><li>Important terms\n<ul>\n<li>Federation \u2013 joining users in one domain with another, like AD -&gt; IAM<\/li>\n<li>Identity Broker &#8211; a service that joins or federates an identity from Domain A to Domain B<\/li>\n<li>Identity Store &#8211; services that store identities, like AD, Facebook, Google, Amazon, etc.<\/li>\n<li>Identities &#8211; the users of a service<\/li>\n<\/ul>\n<\/li><li>Steps of Authentication\n<ul>\n<li>User enters username\/password<\/li>\n<li>Application calls an Identity Broker with the username\/password<\/li>\n<li>Identity Broker validates the user\u2019s identity against the organization\u2019s centralized authentication, such as AD<\/li>\n<li>After validation, 
the Identity Broker calls the GetFederationToken function with IAM credentials, supplying the IAM policy, permissions and duration<\/li>\n<li>STS, when called, returns the following values:\n<ul>\n<li>Access Key<\/li>\n<li>Secret Access Key<\/li>\n<li>Token<\/li>\n<li>Duration of token<\/li>\n<\/ul>\n<\/li>\n<li>Identity Broker sends the temporary credentials to the application<\/li>\n<li>Application sends requests to AWS using the temporary credentials<\/li>\n<li>AWS verifies the credentials through IAM and performs the requested operation or service<\/li>\n<\/ul>\n<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"300\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-233.png\" alt=\"\" class=\"wp-image-3920\"\/><\/figure>\n\n\n\n<p>Web Identity Federation<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Used to access AWS resources<\/li><li>Most useful for mobile apps<\/li><li>The process involves\n<ul>\n<li>the application obtaining an authentication token<\/li>\n<li>exchanging the token for temporary credentials.<\/li>\n<\/ul>\n<\/li><li>Recommended because the credentials are temporary; credentials should not be embedded in or distributed with apps<\/li><li>Supports the following providers\n<ul>\n<li>Amazon<\/li>\n<li>Facebook<\/li>\n<li>Google<\/li>\n<li>Any other OpenID Connect (OIDC) compatible identity provider<\/li>\n<\/ul>\n<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>STS provides temporary credentials for AWS resource access Users can use STS from sources, as Federation using Active Directory &#8211; Requires SAML temporary credentials as per user\u2019s AD credentials IAM user is not needed With SSO, can also sign in to AWS console without any IAM credentials Federation of Mobile Apps with web federation 
Web&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2476,"menu_order":39,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,306],"class_list":["post-2943","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-security-token-service"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Token Service - Tutorials (TestPrep)<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Token Service - Tutorials (TestPrep)\" \/>\n<meta property=\"og:description\" content=\"STS provides temporary credentials for AWS resource access Users can use STS from sources, as Federation using Active Directory &#8211; Requires SAML temporary credentials as per user\u2019s AD credentials IAM user is not needed With SSO, can also sign in to AWS console without any IAM credentials Federation of Mobile Apps with web federation Web...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T10:57:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-233.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/\",\"name\":\"Security Token Service - Tutorials (TestPrep)\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-30T09:50:32+00:00\",\"dateModified\":\"2020-05-01T10:57:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/security-token-service-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Developer Associate (DVA-C01)\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-developer-associate\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Token Service\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training 
Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}