aws-sts

Get the identity of the current caller

$ aws sts get-caller-identity

$ aws sts assume-role --role-arn [arn:aws:iam::account:role/role-name] --role-session-name [session-name]

$ aws sts get-session-token --duration-seconds [3600]

$ aws sts assume-role --role-arn [arn:aws:iam::account:role/role-name] --role-session-name [session-name] --serial-number [arn:aws:iam::account:mfa/device] --token-code [123456]

$ aws sts get-access-key-info --access-key-id [AKIAIOSFODNN7EXAMPLE]

$ aws sts decode-authorization-message --encoded-message [encoded-message]

aws sts subcommand [options]

aws sts is the AWS CLI interface for AWS Security Token Service (STS), which enables you to request temporary, limited-privilege credentials for IAM users or federated users.
STS is essential for cross-account access, identity federation, and implementing least-privilege security. Temporary credentials include an access key, secret key, and session token with configurable expiration.

--role-arn value

The ARN of the role to assume

An identifier for the assumed role session

Duration of the temporary credentials (900-43200 seconds)

The ARN of the MFA device for MFA-protected operations

The value from the MFA device

A unique identifier for cross-account access

Identity

get-caller-identity, get-access-key-info

assume-role, assume-role-with-saml, assume-role-with-web-identity, assume-root

get-session-token, get-federation-token

get-web-identity-token, get-delegated-access-token

decode-authorization-message

Temporary credentials have a maximum duration of 12 hours for role assumption (1 hour default). MFA-protected role assumptions require both --serial-number and --token-code. Chained role assumptions (assuming a role from an assumed role) have a maximum duration of 1 hour.

AWS STS has been available since the launch of IAM in May 2011, enabling temporary security credentials for AWS services. It has expanded to support web identity federation, SAML 2.0, and various assume-role scenarios.

aws(1), aws-iam(1), aws-sso(1)