Grant limited access to AWS resources via Token
To get the token - API call AssumeRole, AssumeRoleWithSAML (probably this is how I'm getting my creds for sandbox account), AssumeRoleWithWebIdentity (use Cognito instead)
Prerequisites
- Must have an IAM role
- Defined allowed principals
- Use STS API to get the temporary tokens
- Valid from 15 minutes up to 1 hour
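
One way to review the "allowed principals" prerequisite, as an added example that is not part of the original notes: it lists who a role's trust policy lets call the AssumeRole APIs and how broad each entry is. The policy, account IDs, role name and function names are constructed for illustration.

```python
import json

# Constructed trust policy for illustration; account IDs and role name are placeholders.
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "sts:AssumeRole"},
  {"Effect": "Allow",
   "Principal": {"AWS": ["arn:aws:iam::444455556666:role/ci-deploy"]},
   "Action": ["sts:AssumeRole"],
   "Condition": {"StringEquals": {"sts:ExternalId": "constructed-example-id"}}}
]}
""")

ASSUME_ACTIONS = {"sts:AssumeRole", "sts:AssumeRoleWithSAML",
                  "sts:AssumeRoleWithWebIdentity", "sts:*", "*"}


def as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def classify(principal):
    """Label how broad one Principal entry is."""
    if principal == "*":
        return "wildcard"            # anyone, in any account
    if principal.endswith(":root") or (principal.isdigit() and len(principal) == 12):
        return "whole-account"       # every identity that account chooses to permit
    return "specific"                # one named user, role or provider


def audit_trust_policy(policy):
    """Return (principal, breadth, has_condition) for each Allow on an AssumeRole* action."""
    rows = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not ASSUME_ACTIONS & set(as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":         # shorthand for every principal type
            principal = {"AWS": "*"}
        for values in principal.values():
            for p in as_list(values):
                rows.append((p, classify(p), "Condition" in stmt))
    return rows


if __name__ == "__main__":
    for row in audit_trust_policy(TRUST_POLICY):
        print(row)
```

Entries reported as wildcard or whole-account with no condition are the ones to tighten to a named role or user before the role is used for cross-account access.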

Cross account access with STS
