Crate rusoto_sts[−][src]

AWS Security Token Service

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to Temporary Security Credentials.

As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to STS. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about the Query API, go to Making Query Requests in Using IAM. For information about using security tokens with other AWS products, go to AWS Services That Work with IAM in the IAM User Guide.

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/.

Endpoints

The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com that maps to the US East (N. Virginia) region. Additional regions are available and are activated by default. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.

For information about STS endpoints, see Regions and Endpoints in the AWS General Reference.

Recording API requests

STS supports AWS CloudTrail, which is a service that records AWS calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine what requests were successfully made to STS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

If you're using the service, you're probably looking for StsClient and Sts.

Structs

AssumeRoleRequest
AssumeRoleResponse	Contains the response to a successful AssumeRole request, including temporary AWS credentials that can be used to make AWS requests.
AssumeRoleWithSAMLRequest
AssumeRoleWithSAMLResponse	Contains the response to a successful AssumeRoleWithSAML request, including temporary AWS credentials that can be used to make AWS requests.
AssumeRoleWithWebIdentityRequest
AssumeRoleWithWebIdentityResponse	Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary AWS credentials that can be used to make AWS requests.
AssumedRoleUser	The identifiers for the temporary security credentials that the operation returns.
Credentials	AWS credentials for API authentication.
DecodeAuthorizationMessageRequest
DecodeAuthorizationMessageResponse	A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an AWS request.
FederatedUser	Identifiers for the federated user that is associated with the credentials.
GetCallerIdentityRequest
GetCallerIdentityResponse	Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.
GetFederationTokenRequest
GetFederationTokenResponse	Contains the response to a successful GetFederationToken request, including temporary AWS credentials that can be used to make AWS requests.
GetSessionTokenRequest
GetSessionTokenResponse	Contains the response to a successful GetSessionToken request, including temporary AWS credentials that can be used to make AWS requests.
StsAssumeRoleSessionCredentialsProvider	AwsCredentials provider that calls `AssumeRole` using the provided StsClient. To use with MFA, pass in the MFA serial number then set the MFA code. You will need to ensure the provider has a valid code each time you acquire a new STS token.
StsClient	A client for the AWS STS API.
StsSessionCredentialsProvider	AwsCredentials provider that calls `GetSessionToken` using the provided StsClient. To use with MFA, pass in the MFA serial number then set the MFA code. You will need to ensure the provider has a valid code each time you acquire a new STS token.
StsWebIdentityFederationSessionCredentialsProvider	AwsCredentials provider that calls `AssumeRoleWithWebIdentity` using the provided StsClient.

Enums

AssumeRoleError	Errors returned by AssumeRole
AssumeRoleWithSAMLError	Errors returned by AssumeRoleWithSAML
AssumeRoleWithWebIdentityError	Errors returned by AssumeRoleWithWebIdentity
DecodeAuthorizationMessageError	Errors returned by DecodeAuthorizationMessage
GetCallerIdentityError	Errors returned by GetCallerIdentity
GetFederationTokenError	Errors returned by GetFederationToken
GetSessionTokenError	Errors returned by GetSessionToken

Traits

NewAwsCredsForStsCreds	Trait for conversions from STS Credentials to AWS Credentials.
Sts	Trait representing the capabilities of the AWS STS API. AWS STS clients implement this trait.