What it is: Service that issues temporary security credentials.

What it’s for:

• Let users/services assume roles and get temporary access.
• Enable federation (login via external identity providers).
• Support cross-account access.

Key ideas:

• STS returns:
  • Access key ID
  • Secret access key
  • Session token
  • Expiration time
• Used behind the scenes by many AWS integrations.

Exam cues:

• “temporary credentials” → STS.
• “cross-account role access” → STS + AssumeRole.

Hard words:

• *token* /ˈtoʊkən/: token (chuỗi xác thực)
• *expiration* /ˌekspəˈreɪʃn/: thời hạn hết hiệu lực
• *federation* /ˌfedəˈreɪʃn/: liên kết đăng nhập (SSO)