← 返回命令列表

Linux command

aws-sts 命令

趣味

复制后可按需替换文件名、目录或参数。

常用示例

Get the identity

aws sts get-caller-identity

Assume an IAM role

aws sts assume-role --role-arn [arn:aws:iam::account:role/role-name] --role-session-name [session-name]

Get temporary session credentials

aws sts get-session-token --duration-seconds [3600]

Assume a role with MFA

aws sts assume-role --role-arn [arn:aws:iam::account:role/role-name] --role-session-name [session-name] --serial-number [arn:aws:iam::account:mfa/device] --token-code [123456]

Get account ID

aws sts get-access-key-info --access-key-id [AKIAIOSFODNN7EXAMPLE]

Decode an authorization error message

aws sts decode-authorization-message --encoded-message [encoded-message]

说明

aws sts is the AWS CLI interface for AWS Security Token Service (STS), which enables you to request temporary, limited-privilege credentials for IAM users or federated users. STS is essential for cross-account access, identity federation, and implementing least-privilege security. Temporary credentials include an access key, secret key, and session token with configurable expiration.

参数

--role-arn _value_
The ARN of the role to assume
--role-session-name _value_
An identifier for the assumed role session
--duration-seconds _value_
Duration of the temporary credentials (900-43200 seconds)
--serial-number _value_
The ARN of the MFA device for MFA-protected operations
--token-code _value_
The value from the MFA device
--external-id _value_
A unique identifier for cross-account access

FAQ

What is the aws-sts command used for?

aws sts is the AWS CLI interface for AWS Security Token Service (STS), which enables you to request temporary, limited-privilege credentials for IAM users or federated users. STS is essential for cross-account access, identity federation, and implementing least-privilege security. Temporary credentials include an access key, secret key, and session token with configurable expiration.

How do I run a basic aws-sts example?

Run `aws sts get-caller-identity` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does --role-arn _value_ do in aws-sts?

The ARN of the role to assume