AWS Security Token Service (sts)

2025-11-08

3 new actions, 2 new conditions

Additions

    Actions
  • GetDelegatedAccessToken
    • Description:  Returns temporary security credentials for accessing an AWS account after temporary delegation request approval. This API requires the tradeInToken provided upon request delegation approval and is intended to be used only by Amazon or AWS Partners.
    • Access:  Write
  • GetWebIdentityToken
    • Description:  Grants permission to obtain a short-lived, publicly verifiable JSON Web Token (JWT) that represents the calling IAM principal's identity
    • Access:  Write
    • Conditions:
      • sts:DurationSeconds
      • sts:IdentityTokenAudience
      • sts:SigningAlgorithm
      • aws:TagKeys
      • aws:RequestTag/${TagKey}

  • TagGetWebIdentityToken
    • Description:  Grants permission to add tags to the JSON Web Token (JWT) generated by the GetWebIdentityToken API
    • Access:  Tagging
    • Conditions:
      • aws:TagKeys
      • aws:RequestTag/${TagKey}

    Conditions
  • sts:IdentityTokenAudience
    • Description:  Filters access by the audience that is passed in the request
    • Type:  String
  • sts:SigningAlgorithm
    • Description:  Filters access by the signing algorithm that is passed in the request
    • Type:  String