AWS STS AssumeRole returns a set of temporary security credentials that can be used to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. As the AWS STS Assume Role Example illustrates, AssumeRole is used either within your own account or for cross-account access.
As depicted in the AWS STS Assume Role Example below, the temporary security credentials created by AssumeRole can be used to make API calls to any Amazon Web Service, with two exceptions:
- You cannot call the STS GetFederationToken API operation
- You cannot call the STS GetSessionToken API operation
1. Understand the AWS STS Assume Role in detail
The account administrator delegates permission to the user who wants to assume a role in a different account. Before the user can request access to the Amazon resources, the administrator must attach a policy that lets the user call AssumeRole on the ARN of the role in the other account. There are two ways to grant this:
- An account admin attaches a policy to the user that allows sts:AssumeRole on the role's ARN
- An account admin adds the user as a principal directly in the role's trust policy
In simpler words, the sts:AssumeRole action is how temporary credentials are obtained. Many organizations use it in this way: a user or application calls the API with credentials it already holds and receives a new set of credentials that let it act as the role.
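As an added illustration of the two grant mechanisms above (not code from the original page), the following Python builds the identity-based policy for a Developer account user and the trust policy for a Prod account role, then evaluates whether the user may assume the role. All account IDs, user and role names are constructed placeholders; the evaluator is a simplified model that ignores Deny statements and Conditions.

```python
# Constructed placeholder account IDs and names; not real AWS accounts.
DEV_USER_ARN = "arn:aws:iam::111111111111:user/alice"
PROD_ROLE_ARN = "arn:aws:iam::222222222222:role/ProdReadOnly"

# Identity-based policy the Dev account admin attaches to the user (first mechanism).
DEV_USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": PROD_ROLE_ARN}]}

# Trust policy on the Prod role naming the Dev user as principal (second mechanism).
PROD_ROLE_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": DEV_USER_ARN}, "Action": "sts:AssumeRole"}]}

def account_of(arn):
    return arn.split(":")[4]  # the account ID is the fifth ARN field

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    # Only Allow statements that cover sts:AssumeRole matter for this check.
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"]):
            yield st

def trust_names(trust_policy, caller_arn):
    # "user" if the trust policy names the caller's ARN, "account" if only its root, else None.
    principals = [p for st in _allow_statements(trust_policy)
                  for p in _as_list(st.get("Principal", {}).get("AWS", []))]
    if caller_arn in principals:
        return "user"
    root = f"arn:aws:iam::{account_of(caller_arn)}:root"
    return "account" if root in principals else None

def identity_allows(policy, role_arn):
    # True if the caller's own policy allows sts:AssumeRole on this role.
    resources = [r for st in _allow_statements(policy) for r in _as_list(st.get("Resource", []))]
    return role_arn in resources or "*" in resources

def can_assume(caller_arn, identity_policy, trust_policy, role_arn):
    # Simplified model (no Deny statements, no Conditions): the trust policy must allow
    # the caller, and unless the caller sits in the role's own account and is named
    # directly, the caller's identity-based policy must also allow the role.
    named = trust_names(trust_policy, caller_arn)
    if named is None:
        return False
    if named == "user" and account_of(caller_arn) == account_of(role_arn):
        return True
    return identity_allows(identity_policy, role_arn)
```

Cross-account access therefore needs both sides to agree: removing either the user's policy or the role's trust entry makes `can_assume` return False, which is the same two-sided check to keep in mind when reviewing who can reach a role.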
2. How to create one AWS STS Assume Role Example using EdrawMax Online?
Creating an AWS STS Assume Role Example in EdrawMax Online is pretty simple. The free Network Diagram maker has several features, like importing data directly from a .csv file or creating a diagram from scratch using free templates.
Log in to EdrawMax Online
Log in to EdrawMax Online using your registered email address. If this is your first time accessing the tool, you can create your personal account with a personal or professional email address.
Choose a template
EdrawMax Online comes with hundreds of free network diagram templates. Select a pre-designed template based on your preference or need by choosing "Network" in the left navigation pane. It opens up several Network Diagram types, like Rack Diagram, AWS, and more. Alternatively, press "+" on the EdrawMax Online canvas to create a Network Diagram from scratch.
Customize the diagram
Customize your AWS STS Assume Role Example by changing the symbols and shapes as required. With the easy drag-and-drop feature of EdrawMax Online, you can use all the related elements from the libraries.
Work on your research
AWS STS is integrated with AWS CloudTrail, which records the STS calls made for your AWS account and delivers the log files to an Amazon S3 bucket. Try including that S3 bucket in your diagram to make it more authentic.
Export & Share
Once your AWS STS Assume Role Example design is complete, you can share it with your colleagues or clients using the easy export and share option. You can export the AWS STS Assume Role diagram in multiple formats, like Graphics, JPEG, PDF, or HTML. You can also share the designs on different social media platforms, like Facebook, Twitter, LinkedIn, or Line.
The AWS STS Assume Role Example below shows the Developer Account, containing the IAM User, and the Prod Account, containing IAM/STS and the Resources. You can use different AWS symbols to make the diagram look distinct and more authentic than others.
As you learned in this article, Security Token Service (STS) lets you request temporary, limited-privilege credentials for Identity and Access Management (IAM) users or for users that you authenticate. Start using EdrawMax Online to create similar AWS STS Assume Role Example diagrams. The free graphic maker offers AWS symbols and even lets you import diagram elements directly from your personal cloud storage.