AWS Security Token Service (AWS STS) is the service that provides temporary, limited-privilege security credentials to trusted users. These temporary credentials are used to access AWS resources without the need for long-term access keys.

Key points about AWS STS:

- Provides temporary security credentials that expire after a configurable period
- Supports various federation scenarios including IAM roles, SAML, and web identity federation
- Enables secure access for users, applications, and services without managing long-term credentials
- Integrates with IAM roles to assume temporary permissions

Why other options are incorrect:

- AWS Control Tower: A service for setting up and governing a secure multi-account AWS environment, not for providing temporary credentials
- IAM user: Provides long-term credentials, not temporary ones
- IAM web identity federation: A use case that relies on AWS STS to obtain temporary credentials; AWS STS is the service that actually provides them