====== STS (Security Token Service) ======

**What it is:** Service that issues temporary security credentials.

**What it’s for:**
  * Let users/services assume roles and get temporary access.
  * Enable federation (login via external identity providers).
  * Support cross-account access.

**Key ideas:**
  * STS returns:
    * Access key ID
    * Secret access key
    * Session token
    * Expiration time
  * Used behind the scenes by many AWS integrations.

**Exam cues:**
  * “temporary credentials” → STS.
  * “cross-account role access” → STS + AssumeRole.

**Hard words:**
  * *token* /ˈtoʊkən/: token (authentication string)
  * *expiration* /ˌekspəˈreɪʃn/: the time at which validity ends
  * *federation* /ˌfedəˈreɪʃn/: federated login (SSO)