Which AWS STS API operation is used to create a new session with temporary credentials?


The operation utilized to create a new session with temporary credentials within AWS Security Token Service (STS) is the AssumeRole operation. This function allows a user to assume a specified role in AWS, which results in the issuance of temporary security credentials that are valid for a limited duration.

When a user or application assumes a role using the AssumeRole operation, they can gain access to the permissions associated with that role, effectively allowing them to interact with AWS services under those permissions. The temporary credentials generated through this process include an access key ID, a secret access key, and a session token, which are then used for the duration defined during the role assumption.

In a scenario where a user needs to delegate permissions or requires elevated access without sharing long-term credentials, using AssumeRole is the best practice. It enhances security by limiting how long credentials are valid and by enforcing least privilege access.

Other operations related to temporary credentials, such as GetSessionToken, are used to obtain credentials based on the original user's permissions but do not involve role assumption. Meanwhile, RequestTemporaryCredentials is not a recognized AWS STS API operation, and GetCallerIdentity is used to retrieve details about the IAM identity of the caller, not to create a new session. Thus, the most
