{
	"id": "327123f3-1465-4cc1-b041-08091a46fe8c",
	"created_at": "2026-04-06T00:21:03.662207Z",
	"updated_at": "2026-04-10T03:20:34.183579Z",
	"deleted_at": null,
	"sha1_hash": "3404f189c113bd44e5ac4802a2b66410460dcdf2",
	"title": "Request temporary security credentials - AWS Identity and Access Management",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 133049,
	"plain_text": "Request temporary security credentials - AWS Identity and Access\r\nManagement\r\nArchived: 2026-04-05 23:44:39 UTC\r\nTo request temporary security credentials, you can use AWS Security Token Service (AWS STS) operations in the\r\nAWS API. These include operations to create and provide trusted users with temporary security credentials that\r\ncan control access to your AWS resources. For more information about AWS STS, see Temporary security\r\ncredentials in IAM. To learn about the different methods that you can use to request temporary security credentials\r\nby assuming a role, see Methods to assume a role.\r\nTo call the API operations, you can use one of the AWS SDKs. The SDKs are available for a variety of\r\nprogramming languages and environments, including Java, .NET, Python, Ruby, Android, and iOS. The SDKs\r\ntake care of tasks such as cryptographically signing your requests, retrying requests if necessary, and handling\r\nerror responses. You can also use the AWS STS Query API, which is described in the AWS Security Token Service\r\nAPI Reference. Finally, two command line tools support the AWS STS commands: the AWS Command Line\r\nInterface, and the AWS Tools for Windows PowerShell.\r\nThe AWS STS API operations create a new session with temporary security credentials that include an access key\r\npair and a session token. The access key pair consists of an access key ID and a secret key. Users (or an\r\napplication that the user runs) can use these credentials to access your resources. You can create a role session and\r\npass session policies and session tags programmatically using AWS STS API operations. The resulting session\r\npermissions are the intersection of the role's identity-based policies and the session policies. For more information\r\nabout session policies, see Session policies. For more information about session tags, see Pass session tags in\r\nAWS STS.\r\nNote\r\nThe size of the session token that AWS STS API operations return is not fixed. We strongly recommend that you\r\nmake no assumptions about the maximum size. The typical token size is less than 4096 bytes, but that can vary.\r\nUsing AWS STS with AWS Regions\r\nYou can send AWS STS API calls either to a global endpoint or to one of the Regional endpoints. If you choose an\r\nendpoint closer to you, you can reduce latency and improve the performance of your API calls. You also can\r\nchoose to direct your calls to an alternative Regional endpoint if you can no longer communicate with the original\r\nendpoint. If you are using one of the various AWS SDKs, then use that SDK method to specify a Region before\r\nyou make the API call. If you manually construct HTTP API requests, then you must direct the request to the\r\ncorrect endpoint yourself. For more information, see the AWS STS section of Regions and Endpoints and Manage\r\nAWS STS in an AWS Region.\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 1 of 10\n\nThe following are the API operations that you can use to acquire temporary credentials for use in your AWS\r\nenvironment and applications.\r\nRequesting credentials for cross-account delegation and federation through a\r\ncustom identity broker\r\nThe AssumeRole API operation is useful for allowing existing IAM users to access AWS resources that they don't\r\nalready have access to. For example, the user might need access to resources in another AWS account. It is also\r\nuseful as a means to temporarily gain privileged access—for example, to provide multi-factor authentication\r\n(MFA). You must call this API using active credentials. To learn who can call this operation, see Compare AWS\r\nSTS credentials. For more information, see Create a role to give permissions to an IAM user and Secure API\r\naccess with MFA.\r\nTo request temporary security credentials for cross-account delegation and federation through a custom identity broker\r\n1. Authenticate with your AWS security credentials. This call must be made using valid AWS security\r\ncredentials.\r\n2. Call the operation AssumeRole .\r\nThe following example shows a sample request and response using AssumeRole . This example request assumes\r\nthe demo role for the specified duration with the included session policy, session tags, external ID, and source\r\nidentity. The resulting session is named John-session .\r\nExample request\r\nhttps://sts.amazonaws.com/\r\n?Version=2011-06-15\r\n\u0026Action=AssumeRole\r\n\u0026RoleSessionName=John-session\r\n\u0026RoleArn=arn:aws::iam::123456789012:role/demo\r\n\u0026Policy=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%20%22Stmt1%22%2C%22Effect%22%\r\n\u0026DurationSeconds=1800\r\n\u0026Tags.member.1.Key=Project\r\n\u0026Tags.member.1.Value=Pegasus\r\n\u0026Tags.member.2.Key=Cost-Center\r\n\u0026Tags.member.2.Value=12345\r\n\u0026ExternalId=123ABC\r\n\u0026SourceIdentity=DevUser123\r\n\u0026AUTHPARAMS\r\nThe policy value shown in the preceding example is the URL-encoded version of the following policy:\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 2 of 10\n\n{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}\r\nThe AUTHPARAMS parameter in the example is a placeholder for your signature. A signature is the authentication\r\ninformation that you must include with AWS HTTP API requests. We recommend using the AWS SDKs to create\r\nAPI requests, and one benefit of doing so is that the SDKs handle request signing for you. If you must create and\r\nsign API requests manually, see Signing AWS Requests By Using Signature Version 4 in the Amazon Web Services\r\nGeneral Reference to learn how to sign a request.\r\nIn addition to the temporary security credentials, the response includes the Amazon Resource Name (ARN) for the\r\nfederated user and the expiration time of the credentials.\r\nExample response\r\n\u003cAssumeRoleResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\"\u003e\r\n\u003cAssumeRoleResult\u003e\r\n\u003cSourceIdentity\u003eDevUser123\u003c/SourceIdentity\u003e\r\n\u003cCredentials\u003e\r\n \u003cSessionToken\u003e\r\n AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW\r\n LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd\r\n QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU\r\n 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz\r\n +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==\r\n \u003c/SessionToken\u003e\r\n \u003cSecretAccessKey\u003e\r\n wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY\r\n \u003c/SecretAccessKey\u003e\r\n \u003cExpiration\u003e2019-07-15T23:28:33.359Z\u003c/Expiration\u003e\r\n \u003cAccessKeyId\u003eAKIAIOSFODNN7EXAMPLE\u003c/AccessKeyId\u003e\r\n\u003c/Credentials\u003e\r\n\u003cAssumedRoleUser\u003e\r\n \u003cArn\u003earn:aws:sts::123456789012:assumed-role/demo/John\u003c/Arn\u003e\r\n \u003cAssumedRoleId\u003eARO123EXAMPLE123:John\u003c/AssumedRoleId\u003e\r\n\u003c/AssumedRoleUser\u003e\r\n\u003cPackedPolicySize\u003e8\u003c/PackedPolicySize\u003e\r\n\u003c/AssumeRoleResult\u003e\r\n\u003cResponseMetadata\u003e\r\n\u003cRequestId\u003ec6104cbe-af31-11e0-8154-cbc7ccf896c7\u003c/RequestId\u003e\r\n\u003c/ResponseMetadata\u003e\r\n\u003c/AssumeRoleResponse\u003e\r\nNote\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 3 of 10\n\nAn AWS conversion compresses the passed session policies and session tags into a packed binary format that has\r\na separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The\r\nPackedPolicySize response element indicates by percentage how close the policies and tags for your request are\r\nto the upper size limit.\r\nRequesting credentials through an OIDC provider\r\nThe AssumeRoleWithWebIdentity API operation returns a set of temporary AWS security credentials in exchange\r\nfor a JSON Web Token (JWT). This includes public identity providers, such as Login with Amazon, Facebook,\r\nGoogle, and providers that issue JWTs that are compatible with OpenID Connect (OIDC) discovery, such as\r\nGitHub actions or Azure Devops. For more information, see OIDC federation.\r\nNote\r\nAssumeRoleWithWebIdentity requests are not signed with, and do not require AWS credentials.\r\nRequesting credentials through an OIDC provider\r\n1. Call the operation AssumeRoleWithWebIdentity .\r\nWhen you call AssumeRoleWithWebIdentity , AWS validates the token presented by verifying the digital\r\nsignature using public keys made available through your IdP's JSON web keyset (JWKS). If the token is\r\nvalid, and all conditions set forth in the IAM role trust policy are met, AWS returns the following\r\ninformation to you:\r\nA set of temporary security credentials. These consist of an access key ID, a secret access key, and a\r\nsession token.\r\nThe role ID and the ARN of the assumed role.\r\nA SubjectFromWebIdentityToken value that contains the unique user ID.\r\n2. Your application may then use the temporary security credentials that were returned in the response to\r\nmake AWS API calls. This is the same process as making an AWS API call with long-term security\r\ncredentials. The difference is that you must include the session token, which lets AWS verify that the\r\ntemporary security credentials are valid.\r\nYour application should cache the credentials returned by AWS STS and refresh them as needed. If your\r\napplication is built using an AWS SDK, the SDK has credential providers that can handle calling\r\nAssumeRoleWithWebIdentity and refreshing AWS credentials before they expire. For more information, see AWS\r\nSDKs and Tools standardized credential providers in the AWS SDKs and Tools Reference Guide.\r\nRequesting credentials through a SAML 2.0 identity provider\r\nThe AssumeRoleWithSAML API operation returns a set of temporary security credentials for SAML federated\r\nprincipals who are authenticated by your organization's existing identity system. The users must also use SAML\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 4 of 10\n\n2.0 (Security Assertion Markup Language) to pass authentication and authorization information to AWS. This API\r\noperation is useful in organizations that have integrated their identity systems (such as Windows Active Directory\r\nor OpenLDAP) with software that can produce SAML assertions. Such an integration provides information about\r\nuser identity and permissions (such as Active Directory Federation Services or Shibboleth). For more information,\r\nsee SAML 2.0 federation.\r\n1. Call the operation AssumeRoleWithSAML .\r\nThis is an unsigned call, meaning you do not need to authenticate AWS security credentials prior to making\r\nthe request.\r\nNote\r\nA call to AssumeRoleWithSAML is not signed (encrypted). Therefore, you should only include optional\r\nsession policies if the request is transmitted through a trusted intermediary. In this case, someone could\r\nalter the policy to remove the restrictions.\r\n2. When you call AssumeRoleWithSAML , AWS verifies the authenticity of the SAML assertion. Assuming that\r\nthe identity provider validates the assertion, AWS returns the following information to you:\r\nA set of temporary security credentials. These consist of an access key ID, a secret access key, and a\r\nsession token.\r\nThe role ID and the ARN of the assumed role.\r\nAn Audience value that contains the value of the Recipient attribute of the\r\nSubjectConfirmationData element of the SAML assertion.\r\nAn Issuer value that contains the value of the Issuer element of the SAML assertion.\r\nA NameQualifier element that contains a hash value built from the Issuer value, the AWS\r\naccount ID, and the friendly name of the SAML provider. When combined with the Subject\r\nelement, they can uniquely identify the SAML federated principal.\r\nA Subject element that contains the value of the NameID element in the Subject element of the\r\nSAML assertion.\r\nA SubjectType element that indicates the format of the Subject element. The value can be\r\npersistent , transient , or the full Format URI from the Subject and NameID elements\r\nused in your SAML assertion. For information about the NameID element's Format attribute, see\r\nConfigure SAML assertions for the authentication response.\r\n3. Use the temporary security credentials returned in the response to make AWS API calls. This is the same\r\nprocess as making an AWS API call with long-term security credentials. The difference is that you must\r\ninclude the session token, which lets AWS verify that the temporary security credentials are valid.\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 5 of 10\n\nYour app should cache the credentials. By default the credentials expire after an hour. If you are not using the\r\nAmazonSTSCredentialsProvider action in the AWS SDK, it's up to you and your app to call\r\nAssumeRoleWithSAML again. Call this operation to get a new set of temporary security credentials before the old\r\nones expire.\r\nRequesting credentials through a custom identity broker\r\nThe GetFederationToken API operation returns a set of temporary security credentials for AWS STS federated\r\nuser principals. This API differs from AssumeRole in that the default expiration period is substantially longer (12\r\nhours instead of one hour). Additionally, you can use the DurationSeconds parameter to specify a duration for\r\nthe temporary security credentials to remain valid. The resulting credentials are valid for the specified duration,\r\nbetween 900 seconds (15 minutes) to 129,600 seconds (36 hours). The longer expiration period can help reduce\r\nthe number of calls to AWS because you do not need to get new credentials as often.\r\n1. Authenticate with the AWS security credentials of your specific IAM user. This call must be made using\r\nvalid AWS security credentials.\r\n2. Call the operation GetFederationToken .\r\nThe GetFederationToken call returns temporary security credentials that consist of the session token, access key,\r\nsecret key, and expiration. You can use GetFederationToken if you want to manage permissions inside your\r\norganization (for example, using the proxy application to assign permissions).\r\nThe following example shows a sample request and response that uses GetFederationToken . This example\r\nrequest federates the calling user for the specified duration with the session policy ARN and session tags. The\r\nresulting session is named Jane-session .\r\nExample request\r\nhttps://sts.amazonaws.com/\r\n?Version=2011-06-15\r\n\u0026Action=GetFederationToken\r\n\u0026Name=Jane-session\r\n\u0026PolicyArns.member.1.arn==arn%3Aaws%3Aiam%3A%3A123456789012%3Apolicy%2FRole1policy\r\n\u0026DurationSeconds=1800\r\n\u0026Tags.member.1.Key=Project\r\n\u0026Tags.member.1.Value=Pegasus\r\n\u0026Tags.member.2.Key=Cost-Center\r\n\u0026Tags.member.2.Value=12345\r\n\u0026AUTHPARAMS\r\nThe policy ARN shown in the preceding example includes the following URL-encoded ARN:\r\narn:aws:iam::123456789012:policy/Role1policy\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 6 of 10\n\nAlso, note that the \u0026AUTHPARAMS parameter in the example is meant as a placeholder for the authentication\r\ninformation. This is the signature, which you must include with AWS HTTP API requests. We recommend using\r\nthe AWS SDKs to create API requests, and one benefit of doing so is that the SDKs handle request signing for\r\nyou. If you must create and sign API requests manually, go to Signing AWS Requests By Using Signature Version\r\n4 in the Amazon Web Services General Reference to learn how to sign a request.\r\nIn addition to the temporary security credentials, the response includes the Amazon Resource Name (ARN) for the\r\nfederated user and the expiration time of the credentials.\r\nExample response\r\n\u003cGetFederationTokenResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\"\u003e\r\n\u003cGetFederationTokenResult\u003e\r\n\u003cCredentials\u003e\r\n \u003cSessionToken\u003e\r\n AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW\r\n LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd\r\n QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU\r\n 9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz\r\n +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCEXAMPLE==\r\n \u003c/SessionToken\u003e\r\n \u003cSecretAccessKey\u003e\r\n wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY\r\n \u003c/SecretAccessKey\u003e\r\n \u003cExpiration\u003e2019-04-15T23:28:33.359Z\u003c/Expiration\u003e\r\n \u003cAccessKeyId\u003eAKIAIOSFODNN7EXAMPLE;\u003c/AccessKeyId\u003e\r\n\u003c/Credentials\u003e\r\n\u003cFederatedUser\u003e\r\n \u003cArn\u003earn:aws:sts::123456789012:federated-user/Jean\u003c/Arn\u003e\r\n \u003cFederatedUserId\u003e123456789012:Jean\u003c/FederatedUserId\u003e\r\n\u003c/FederatedUser\u003e\r\n\u003cPackedPolicySize\u003e4\u003c/PackedPolicySize\u003e\r\n\u003c/GetFederationTokenResult\u003e\r\n\u003cResponseMetadata\u003e\r\n\u003cRequestId\u003ec6104cbe-af31-11e0-8154-cbc7ccf896c7\u003c/RequestId\u003e\r\n\u003c/ResponseMetadata\u003e\r\n\u003c/GetFederationTokenResponse\u003e\r\nNote\r\nAn AWS conversion compresses the passed session policies and session tags into a packed binary format that has\r\na separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The\r\nPackedPolicySize response element indicates by percentage how close the policies and tags for your request are\r\nto the upper size limit.\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 7 of 10\n\nAWS recommends that you grant permissions at the resource level (for example, you attach a resource-based\r\npolicy to an Amazon S3 bucket), you can omit the Policy parameter. However, if you do not include a policy for\r\nthe AWS STS federated user principal, the temporary security credentials will not grant any permissions. In this\r\ncase, you must use resource policies to grant the federated user access to your AWS resources.\r\nFor example, assume your AWS account number is 111122223333, and you have an Amazon S3 bucket that you\r\nwant to allow Susan to access. Susan's temporary security credentials don't include a policy for the bucket. In that\r\ncase, you would need to ensure that the bucket has a policy with an ARN that matches Susan's ARN, such as\r\narn:aws:sts::111122223333:federated-user/Susan .\r\nRequesting credentials for users in untrusted environments\r\nThe GetSessionToken API operation returns a set of temporary security credentials to an existing IAM user. This\r\nis useful for providing enhanced security, such as allowing AWS requests only when MFA is enabled for the IAM\r\nuser. Because the credentials are temporary, they provide enhanced security when you have an IAM user who\r\naccesses your resources through a less secure environment. Examples of less secure environments include a\r\nmobile device or web browser.\r\n1. Authenticate with the AWS security credentials of your specific IAM user. This call must be made using\r\nvalid AWS security credentials.\r\n2. Call the operation GetSessionToken .\r\n3. GetSessionToken returns temporary security credentials consisting of a session token, an access key ID,\r\nand a secret access key.\r\nBy default, temporary security credentials for an IAM user are valid for a maximum of 12 hours. But you can\r\nrequest a duration as short as 15 minutes or as long as 36 hours using the DurationSeconds parameter. For\r\nsecurity reasons, a token for an AWS account root user is restricted to a duration of one hour.\r\nThe following example shows a sample request and response using GetSessionToken . The response also\r\nincludes the expiration time of the temporary security credentials.\r\nExample request\r\nhttps://sts.amazonaws.com/\r\n?Version=2011-06-15\r\n\u0026Action=GetSessionToken\r\n\u0026DurationSeconds=1800\r\n\u0026AUTHPARAMS\r\nThe AUTHPARAMS parameter in the example is a placeholder for your signature. A signature is the authentication\r\ninformation that you must include with AWS HTTP API requests. We recommend using the AWS SDKs to create\r\nAPI requests, and one benefit of doing so is that the SDKs handle request signing for you. If you must create and\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 8 of 10\n\nsign API requests manually, go to Signing AWS Requests By Using Signature Version 4 in the Amazon Web\r\nServices General Reference to learn how to sign a request.\r\nExample response\r\n\u003cGetSessionTokenResponse xmlns=\"https://sts.amazonaws.com/doc/2011-06-15/\"\u003e\r\n\u003cGetSessionTokenResult\u003e\r\n\u003cCredentials\u003e\r\n \u003cSessionToken\u003e\r\n AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/L\r\n To6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3z\r\n rkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtp\r\n Z3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE\r\n \u003c/SessionToken\u003e\r\n \u003cSecretAccessKey\u003e\r\n wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY\r\n \u003c/SecretAccessKey\u003e\r\n \u003cExpiration\u003e2011-07-11T19:55:29.611Z\u003c/Expiration\u003e\r\n \u003cAccessKeyId\u003eAKIAIOSFODNN7EXAMPLE\u003c/AccessKeyId\u003e\r\n\u003c/Credentials\u003e\r\n\u003c/GetSessionTokenResult\u003e\r\n\u003cResponseMetadata\u003e\r\n\u003cRequestId\u003e58c5dbae-abef-11e0-8cfe-09039844ac7d\u003c/RequestId\u003e\r\n\u003c/ResponseMetadata\u003e\r\n\u003c/GetSessionTokenResponse\u003e\r\nOptionally, the GetSessionToken request can include SerialNumber and TokenCode values for AWS multi-factor authentication (MFA) verification. If the provided values are valid, AWS STS provides temporary security\r\ncredentials that include the state of MFA authentication. The temporary security credentials can then be used to\r\naccess the MFA-protected API operations or AWS websites for as long as the MFA authentication is valid.\r\nThe following example shows a GetSessionToken request that includes an MFA verification code and device\r\nserial number.\r\nhttps://sts.amazonaws.com/\r\n?Version=2011-06-15\r\n\u0026Action=GetSessionToken\r\n\u0026DurationSeconds=7200\r\n\u0026SerialNumber=YourMFADeviceSerialNumber\r\n\u0026TokenCode=123456\r\n\u0026AUTHPARAMS\r\nNote\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 9 of 10\n\nThe call to AWS STS can be to the global endpoint or to any of the Regional endpoints that you activate your\r\nAWS account. For more information, see the AWS STS section of Regions and Endpoints.\r\nThe AUTHPARAMS parameter in the example is a placeholder for your signature. A signature is the authentication\r\ninformation that you must include with AWS HTTP API requests. We recommend using the AWS SDKs to create\r\nAPI requests, and one benefit of doing so is that the SDKs handle request signing for you. If you must create and\r\nsign API requests manually, see Signing AWS Requests By Using Signature Version 4 in the Amazon Web Services\r\nGeneral Reference to learn how to sign a request.\r\nSource: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html"
	],
	"report_names": [
		"id_credentials_temp_request.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434863,
	"ts_updated_at": 1775791234,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3404f189c113bd44e5ac4802a2b66410460dcdf2.pdf",
		"text": "https://archive.orkl.eu/3404f189c113bd44e5ac4802a2b66410460dcdf2.txt",
		"img": "https://archive.orkl.eu/3404f189c113bd44e5ac4802a2b66410460dcdf2.jpg"
	}
}