Minakshi Jha
Nov 11, 2022

AWS Security Token Service (STS)

This is the service that provides what are known as short-lived or temporary credentials. So let’s have a look at how STS works.

So we have an EC2 instance; in this case, it is running an application. The application needs to write some files to, or read some files from, an S3 bucket. So how does the application running on EC2 get authorized to access S3? What we can do is create something called an instance profile and attach an IAM role to the instance profile.

The EC2 instance will then attempt to assume the role by using the sts:AssumeRole API call. Now, there are a couple of different types of policy that apply to the IAM role: a trust policy and a permissions policy. These are mentioned above in the policy section of this article.

We will discuss it in more detail in the EC2 section.
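To make the two policy types concrete, here is an added example (not code from the original article) showing a trust policy and a permissions policy for the EC2-to-S3 role, plus a small check that flags either one when it is broader than this scenario needs. The bucket name `example-app-bucket` and the `audit_role` helper are assumptions made for illustration.

```python
# Constructed sample policies for the EC2-to-S3 role described above.
# "example-app-bucket" is a placeholder bucket name.
TRUST_POLICY = {  # who may call sts:AssumeRole on this role
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}
PERMISSIONS_POLICY = {  # what the temporary credentials may do
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-bucket/*",
    }],
}

def _as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_role(trust, permissions):
    """Return findings where the role is broader than the scenario needs."""
    findings = []
    for stmt in _as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        as_dict = principal if isinstance(principal, dict) else {}
        if principal == "*" or "*" in _as_list(as_dict.get("AWS", [])):
            findings.append("trust: any principal may assume the role")
        elif set(as_dict) != {"Service"} or _as_list(as_dict["Service"]) != ["ec2.amazonaws.com"]:
            findings.append("trust: principal is not limited to the EC2 service")
    for stmt in _as_list(permissions["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            findings.append("permissions: wildcard action")
        if any(r in ("*", "arn:aws:s3:::*") for r in _as_list(stmt.get("Resource", []))):
            findings.append("permissions: resource not scoped to one bucket")
    return findings

if __name__ == "__main__":
    print(audit_role(TRUST_POLICY, PERMISSIONS_POLICY))
```
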
