Which AWS STS API operation enables a developer to access an S3 bucket in a different AWS account using multi-factor authentication (MFA)?