Explanation

AWS Security Token Service (AWS STS) is the correct answer because:

• AWS STS provides temporary, limited-privilege credentials for IAM users or federated users
• These temporary credentials are ideal for applications that need to access AWS resources securely
• The credentials expire after a specified period, enhancing security
• AWS STS supports various scenarios including cross-account access, federated identity, and assuming IAM roles

Why the other options are incorrect:

• AWS KMS (A): Used for creating and managing encryption keys, not for temporary credentials
• AWS CloudHSM (B): Hardware security module service for managing encryption keys, not for temporary credentials
• Amazon Cognito (C): Provides user authentication and authorization for web and mobile apps, but doesn't directly provide temporary AWS credentials like STS does

AWS STS is specifically designed to provide secure temporary credentials that applications can use to access AWS resources.