Closed
Description
AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege security credentials for users or applications. It is a fundamental component of AWS Identity and Access Management (IAM) used to enhance security by minimizing the need for long-term access keys.
Key Features and Benefits
- Temporary Credentials: Provides short-lived credentials (access key ID, secret access key and session token; all three must be presented together) that expire automatically, so a leaked key is useful to an attacker only until the session ends.
- Access Control: A session's permissions come from the policies attached to the assumed IAM role, optionally narrowed further by a session policy passed at assume time (the effective permissions are the intersection, so a session policy can only restrict, never widen), which lets each session be scoped to least privilege.
- Identity Federation & Cross-Account Access: Lets users authenticated by an external identity provider (SAML 2.0, or an OpenID Connect / web identity provider) obtain AWS credentials without an IAM user, and lets principals in one AWS account assume roles in another account that trusts them.
- Security & Monitoring: Supports Multi-Factor Authentication (MFA), for example by requiring an MFA-authenticated session in a role's trust policy, and records every STS API call in AWS CloudTrail.
Common API Operations
- AssumeRole: Obtains temporary credentials for a role, used for cross-account access or delegated permissions; the caller must be allowed by the role's trust policy, and an ExternalId can be required to prevent confused-deputy abuse by third parties.
- GetSessionToken: Generates temporary credentials for an IAM user (or the root user); commonly called with an MFA device serial and code so that subsequent calls satisfy MFA-protected policy conditions.
- AssumeRoleWithSAML / AssumeRoleWithWebIdentity: Exchanges an assertion or token from an external identity provider (SAML 2.0 or OpenID Connect / web identity) for role credentials; no long-term AWS credentials are needed to call them.
- GetCallerIdentity: Returns the account ID, user ID and ARN of the calling entity; it requires no permissions, which makes it useful for auditing and for checking which credentials a tool is actually using.
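The operations above combined into one flow, as an added example that is not part of the original issue: build an AssumeRole request with an ExternalId and a narrowing session policy, turn the response into short-lived environment credentials that are refused if already expired, and verify the resulting identity with GetCallerIdentity. The role ARN, ExternalId, bucket name and sample response are constructed placeholders; the live path needs boto3 and caller credentials allowed to call sts:AssumeRole on that role, so boto3 is imported lazily and the helpers run without it.

```python
"""Assume an IAM role via STS with a scoped-down session, then verify who we are.

Added example, not code from the original page. ROLE_ARN, EXTERNAL_ID and the
bucket in SESSION_POLICY are hypothetical placeholders; SAMPLE_RESPONSE is a
constructed AssumeRole response used so the helpers can be exercised offline.
"""
import json
import re
from datetime import datetime, timedelta, timezone

ROLE_ARN = "arn:aws:iam::123456789012:role/ReadOnlyAudit"   # placeholder
EXTERNAL_ID = "example-external-id"                          # placeholder

# Session policy: effective permissions are the INTERSECTION of the role's own
# policies and this document, so it can only narrow what the session may do.
SESSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::audit-logs", "arn:aws:s3:::audit-logs/*"],
    }],
}

# RoleSessionName charset and length as documented for AssumeRole.
SESSION_NAME_RE = re.compile(r"^[\w+=,.@-]{2,64}$")


def assume_role_request(role_arn, session_name, external_id=None,
                        duration_seconds=900, session_policy=None):
    """Build the AssumeRole parameters, validating the bounds STS enforces."""
    if not SESSION_NAME_RE.match(session_name):
        raise ValueError("RoleSessionName must match [\\w+=,.@-]{2,64}")
    # STS accepts 900..43200; the role's MaxSessionDuration (default 3600) caps it further.
    if not 900 <= duration_seconds <= 43200:
        raise ValueError("DurationSeconds must be between 900 and 43200")
    params = {"RoleArn": role_arn, "RoleSessionName": session_name,
              "DurationSeconds": duration_seconds}
    if external_id:
        params["ExternalId"] = external_id
    if session_policy:
        params["Policy"] = json.dumps(session_policy)
    return params


def credentials_env(response, now=None):
    """Map an AssumeRole response to env vars; refuse credentials already expired.

    Returns (env_dict, seconds_remaining).
    """
    creds = response["Credentials"]
    now = now or datetime.now(timezone.utc)
    remaining = creds["Expiration"] - now
    if remaining <= timedelta(0):
        raise RuntimeError("temporary credentials are already expired")
    env = {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        # Temporary keys are rejected without the session token.
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }
    return env, int(remaining.total_seconds())


def assume_and_verify(session_name="audit-run"):
    """Live path: needs boto3 plus credentials allowed to sts:AssumeRole on ROLE_ARN."""
    import boto3  # imported lazily so the pure helpers above work without it
    sts = boto3.client("sts")
    resp = sts.assume_role(**assume_role_request(
        ROLE_ARN, session_name, EXTERNAL_ID, 900, SESSION_POLICY))
    env, ttl = credentials_env(resp)
    assumed = boto3.client(
        "sts",
        aws_access_key_id=env["AWS_ACCESS_KEY_ID"],
        aws_secret_access_key=env["AWS_SECRET_ACCESS_KEY"],
        aws_session_token=env["AWS_SESSION_TOKEN"],
    )
    # GetCallerIdentity needs no permissions, so it always reports the session's ARN.
    identity = assumed.get_caller_identity()
    return identity["Arn"], ttl


# Constructed sample with the shape of a real AssumeRole response.
SAMPLE_RESPONSE = {
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEKEYID",
        "SecretAccessKey": "constructed-secret",
        "SessionToken": "constructed-session-token",
        "Expiration": datetime(2024, 1, 1, 0, 15, tzinfo=timezone.utc),
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROAEXAMPLEROLEID:audit-run",
        "Arn": "arn:aws:sts::123456789012:assumed-role/ReadOnlyAudit/audit-run",
    },
}

if __name__ == "__main__":
    env, ttl = credentials_env(SAMPLE_RESPONSE,
                               now=datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc))
    print(f"session valid for {ttl}s as {SAMPLE_RESPONSE['AssumedRoleUser']['Arn']}")
```

The session policy is the part worth copying: even when the role itself is broad, every automated caller can pass a policy that limits that one session to exactly the actions and resources it needs, and CloudTrail records the policy alongside the AssumeRole call.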