How to temporarily access an AWS account with STS

In complex cloud environments, setting up long-term roles with access often requires approvals from multiple teams, which can be time-consuming. To simplify this process, you can use a temporary Security Token (STS) to gain access to specific AWS resources without needing to create a permanent role.

Steps to Access AWS with a Temporary Security Token

1. Select AWS Security Token
   In the Cado platform, go to Import > AWS > Security Token.

   

2. Enter the Resource ARN
   Provide the full Amazon Resource Name (ARN) of the AWS resource you want to import.

   

3. Grant Temporary Access via AWS CLI
   Use the AWS CLI to generate the STS token for temporary access. This action uses the permissions available in your local AWS CLI environment. Alternatively, you can temporarily assume a predefined role:

   

Setting the Session Duration

The maximum session duration for an STS token can be set between 1 hour and 12 hours. However, if you request a session longer than the maximum allowed by your administrator, the operation will fail. For example, if you request a 12-hour session but the administrator's limit is 6 hours, the token generation will not succeed.

More details on session duration limits can be found in the AWS documentation.