LicenseRef-OtherLicense licensed by Brendan Hay
Maintained by Brendan Hay
This version can be pinned in stack with:amazonka-sts-1.4.3@sha256:5cc1d5b4753dad59c24682d230ac08ac884bde192f22ef8bb8b074cec88a76c2,6004

Amazon Security Token Service SDK




AWS Security Token Service

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to < Temporary Security Credentials>.

As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to STS. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the < Tools for Amazon Web Services page>.

For information about setting up signatures and authorization through the API, go to < Signing AWS API Requests> in the /AWS General Reference/. For general information about the Query API, go to < Making Query Requests> in /Using IAM/. For information about using security tokens with other AWS products, go to < AWS Services That Work with IAM> in the /IAM User Guide/.

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at


The AWS Security Token Service (STS) has a default endpoint of that maps to the US East (N. Virginia) region. Additional regions are available and are activated by default. For more information, see < Activating and Deactivating AWS STS in an AWS Region> in the /IAM User Guide/.

For information about STS endpoints, see < Regions and Endpoints> in the /AWS General Reference/.

Recording API requests

STS supports AWS CloudTrail, which is a service that records AWS calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine what requests were successfully made to STS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the < AWS CloudTrail User Guide>.

Documentation is available via Hackage and the AWS API Reference.

The types from this library are intended to be used with amazonka, which provides mechanisms for specifying AuthN/AuthZ information and sending requests.

Use of lenses is required for constructing and manipulating types. This is due to the amount of nesting of AWS types and transparency regarding de/serialisation into more palatable Haskell values. The provided lenses should be compatible with any of the major lens libraries lens or lens-family-core.


For any problems, comments, or feedback please create an issue here on GitHub.

Note: this library is an auto-generated Haskell package. Please see amazonka-gen for more information.


amazonka-sts is released under the Mozilla Public License Version 2.0.

Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0. Source files subject to this contain an additional licensing clause in their header.