STS - AssumeRoleWithWebIdentity Flashcards

1
Q

What is AssumeRole with Web Identity?

A

Assume-role-with-web-identity is an API provided by STS (Security Token Service) that allows users authenticated with a web identity provider to access AWS resources. It allows sign-up and sign-in

2
Q

What is STS?

A

STS stands for the Security Token Service. It is an API provided by AWS as part of the Security Token Service.

3
Q

What is the purpose of the AssumeRole with Web Identity API call?

A

The AssumeRole with Web Identity API call allows users authenticated with a web identity provider to access AWS resources after successful authentication.

4
Q

What are Temporary Credentials in the context of STS?

A

If successful, STS will return temporary credentials enabling access to AWS resources for the authenticated user.

5
Q

What is an Assumed Role User?

A

Within the Assumed Role User, the ARN (Amazon Resource Name) and Assumed Role ID are used to programmatically reference the temporary credentials, not an IAM role or user.

6
Q

What is the recommended approach for mobile applications in terms of using the AssumeRole with Web Identity API?

A

For regular web applications, the assume-role-with-web-identity API can be used. However, for mobile applications, AWS recommends using Amazon Cognito.

7
Q

What is the full workflow of STS for AssumeRole with Web Identity?

A

  1. User/web application authenticates with the Web Identity Provider.
  2. The Web Identity Provider sends back a JWT token.
  3. The web application uses the assume-role-with-web-identity API including the JWT.
  4. STS returns the AWS credentials (Access Key and Secret Access Key).
  5. The application can use the temporary credentials to access AWS resources.