Examples of using Assumerole in English and their translations into German
{-}
-
Colloquial
-
Official
-
Ecclesiastic
-
Medicine
-
Financial
-
Ecclesiastic
-
Political
-
Computer
-
Programming
-
Official/political
-
Political
Use AssumeRole for the following scenarios.
Choosing Between GetSessionToken and AssumeRole.
AssumeRole stores the policy in a packed format.
When it appears in the list, select the AssumeRole policy.
AssumeRole and GetSessionToken can also be called without MFA information.
The following example shows a call to AssumeRole that sends the output to a file.
AssumeRole-Cross-Account Delegation and Federation Through a Custom Identity Broker.
For federated users to access an IAM role,grant access to AWS STS AssumeRole.
For any of the API operations that begin with AssumeRole*, you use an IAM role to assign permissions.
AWS STS provides two API operations that let users pass MFA information:GetSessionToken and AssumeRole.
Denying Access to Credentials Created by AssumeRole, AssumeRoleWithSAML, or AssumeRoleWithWebIdentity.
AssumeRole returns the size as a percentage of the maximum size allowed so you can adjust the calling parameters.
Create a managed policy that allows the AssumeRole action on the role you created in the previous step.
In account B, the administrator attaches the followingpolicy to user Richard that allows him to call the AssumeRole action.
Using the AWS CLI, you can call an AWS STS API like AssumeRole or GetFederationToken and then capture the resulting output.
After you create the trust relationship, an IAM user oran application from the trusted account can use the AWS Security Token Service(AWS STS) AssumeRole API operation.
This API differs from AssumeRole in that the default expiration period is substantially longer 12 hours instead of one hour.
You can include information about a multi-factor authentication(MFA) device when you call the AssumeRole and GetSessionToken API operations.
The temporary credentials returned by AssumeRole do not include MFA information in the context, so you cannot check individual API operations for MFA.
AWS API/AWS CLI:A user in the Developers group of the development account calls the AssumeRole function to obtain credentials for the UpdateAPP role.
For information about granting sts: AssumeRole permissions to an IAM identity, see Creating a Role to Delegate Permissions to an AWS Service and AssumeRole.
Next, you will learn how David, a developer, can access the productionapp bucket in the Production account by using the AWS Management Console,the AWS CLI commands, and the AssumeRole API call.
For more information about assuming a role through AWS STS, see AssumeRole in the AWS Security Token Service User Guide and assume-role in the AWS CLI Command Reference.
Although the user can provide MFA information to assume a role, the temporary credentials returned by AssumeRole don't include the MFA information.