Skip to content

AWS Notes

Sts

AWS Notes

Table of Contents
Identity
Identity
- AWS Accounts
- Awssso
- Cognito
- Controltower
- AWS Identity And Access Management (IAM)
- Identityfederation
- Organizations
- Policyevaluation
- Ram
- Revisiontopics
- Scp
- Servicecatalogue
- Servicequotas
- Sts Sts
  Table of contents
  - Basics
- Toc
Compute
Compute
- Containers
  Containers
  - Basics
  - Ecr
  - Ecs
  - Eks
- Ec2
  Ec2
- Elasticbeanstalk
  Elasticbeanstalk
  - TOC
  - Basics
  - Deployment
  - Docker
- Lambda
  Lambda
  - Basics
  - Execution
  - Networking
  - Stepfunctions
  - TOC
Databases
Databases
- Athena
- Elasticcache
- Redshift
- Aurora
  Aurora
  - Index
- Dynamodb
  Dynamodb
  - TOC
  - Basics
  - Dax
  - Globaltables
  - Indexes
  - Operating
  - Streams
- Rds
  Rds
  - Index
  - Basics
  - Multiaz
  - Backups
  - Readreplicas
  - Rdssecurity
  - Aurorabasics
  - Auroraserverless
  - Rdsproxy
  - Dms
Networking
Networking
- Toc
- Apigateway
  Apigateway
  - Basics
- Hybrid
  Hybrid
- Scaling
  Scaling
  - Asg
  - Loadbalancer
- Vpc
  Vpc
Storage
Storage
- Efs
- Fsx
- Transferfamily
Security
Security
- Cloudhsm
- Guardduty
- Inspector
- Neworkfirewall
- Trustedadvisor
- Waf
- Key management service
  Key management service
  - KMS Basics
Monitoring
Monitoring
- Awsconfig
- Cloudtrail
- Vpcflowlogs
- X ray
- Cloudwatch
  Cloudwatch
  - Basics
  - Cwlogs
  - Toc
Devops
Devops
- Basics
- Cicd
Costmanagement
Costmanagement
- Basics
Bcpdr
Bcpdr
- Disasterrecovery
Eventdriven
Eventdriven
- Architecture
- Eventbridge
- Kinesis
- Sns
- Sqs
- TOC
Machinelearning
Machinelearning
- Rekognition
- Comprehend
- Devicefarm
- Forecast
- Frauddetector
- Glue
- Kendra
- Kinesisvideostreams
- Lexconnect
- Polly
- Sagemaker
- Textract
- Transcribe
- Translate
Tbd

Sts

Basics

STS generates temporary security credentials or tokens
They are similar to access keys access Key ID & secret Access Key
These credenitals expire after specified duration
The permissions to temporary credenitals can be restricted to a subset of permissions specified in a Role's permission policy
Temporary credentials are always requested by another identity
Temporary Credentials consist of
Access Key Id
Expiration Time
Secret Access Key
Session Token
Once given the temporary security credentials can not be invalidated till the expiration time
If a temporary credential is leaked best way to handle is DENY access to any sessions older than NOW. This is acheived by adding inline permissions policy with AWSRevokeOlderSessions for sessions older than now