How to temporarily access an AWS account with STS
In complex cloud environments, setting up long-term roles with access often requires approvals from multiple teams, which can be time-consuming. To simplify this process, you can use a temporary security token issued by the AWS Security Token Service (STS) to gain access to specific AWS resources without needing to create a permanent role.
Steps to Access AWS with a Temporary Security Token
- Select AWS Security Token
  In the Cado platform, go to Import > AWS > Security Token.
- Enter the Resource ARN
  Provide the full Amazon Resource Name (ARN) of the AWS resource you want to import.
- Grant Temporary Access via AWS CLI or a third-party tool
  You can generate a session token using the AWS CLI for a user or a role, or a third-party tool such as HashiCorp Vault:
  A session token can be generated from a user. This action uses the permissions available in your local AWS CLI environment:
  A session token can also be generated from a role:
  Or a third-party tool such as HashiCorp Vault:
Setting the Session Duration
The maximum session duration for an STS token can be set between 1 hour and 12 hours. However, if you request a session longer than the maximum allowed by your administrator, the operation will fail. For example, if you request a 12-hour session but the administrator's limit is 6 hours, the token generation will not succeed.
More details on session duration limits can be found in the AWS documentation.
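The user and role token requests described in the steps above, with the session-duration check applied before STS is called, as an added example that is not part of the original page or Cado's own tooling. The helper function names, the `cado-import` session name and the `my-role` role name in the closing comment are assumptions chosen for illustration.

```bash
# Added example; function names and the session name are illustrative assumptions.

# True only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Refuse a request longer than the role's maximum, since STS would reject it.
# $1 = requested seconds, $2 = role maximum in seconds
check_duration() {
  is_uint "$1" && is_uint "$2" || { echo "durations must be whole seconds" >&2; return 2; }
  if [ "$1" -gt "$2" ]; then
    echo "requested ${1}s exceeds the role maximum of ${2}s" >&2
    return 1
  fi
}

# Maximum session duration the administrator configured on the role.
# $1 = role name
role_max_duration() {
  aws iam get-role --role-name "$1" --query 'Role.MaxSessionDuration' --output text
}

# Session token from a user: uses the permissions of the local AWS CLI environment.
# $1 = duration in seconds
user_session_token() {
  aws sts get-session-token --duration-seconds "$1" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text
}

# Session token from a role; prints key id, secret key and token, tab-separated.
# $1 = role ARN, $2 = duration in seconds, $3 = role maximum in seconds
role_session_token() {
  check_duration "$2" "$3" || return
  aws sts assume-role --role-arn "$1" --role-session-name cado-import \
    --duration-seconds "$2" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text
}

# Typical call, with the role ARN supplied by the operator:
#   role_session_token "$ROLE_ARN" 3600 "$(role_max_duration my-role)"
```

The printed credentials are live secrets for the lifetime of the session, so keep them out of shell history and logs.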