Krishna Karamilli
Reputation: 21
how to prevent unauthorised access with aws sts tokens
We got a problem in managing authorisation while accessing aws resources. Currently, we are using STS tokens to authorize the user and give access to aws resources. But, the problem is in the request parameters if we change the user_id and keep the sts token as same, the resources are accessible. We are in search of a way where amazon can explicitly do this authorization. any suggestions?
Upvotes: 0
Views: 107
Answers (0)
Related Questions
- What's the functionality of AWS_SESSION_TOKEN returned from STS API?
- aws sts get-session-token fails with profile
- AWS STS Assume Role: Get session token
- How to check if an AWS STS access token is valid
- Not authorized to perform: sts:AssumeRole on resource
- Restrict S3 bucket access by STS token age?
- Using aws STS to get temporary credentials: Where is the web identity token?
- AWS restrict access to temporary credentials getSessionToken using StsClient
- How secret is the session token in AWS temporary security credentials?
- user authentication check using sts token instead of user/pass