Related Links

Security Token Service

If your question is not addressed below, contact us through our and we will get back to you shortly.
faq What is Security Token Service (STS) in IDrive® e2?
faq How to create an AWS profile in STS?
faq How to request a session token (temporary credentials)?
faq Where can we use the session token?
faq How to create an AWS CLI setup with temporary credentials?

What is Security Token Service (STS) in IDrive® e2?

The Security Token Service (STS) provides temporary credentials that inherit permissions from your IDrive® e2 access keys. These are useful for restricted access and time-limited operations via CLI, SDKs, or 3rd-party tools.

How to create an AWS profile in STS?

To create an AWS profile in STS,

Configure a named profile in your command prompt or terminal:

aws configure --profile <profile_name>

You will be prompted to enter your credentials:

AWS Access Key ID [None]: <Your_Access_Key_ID>
AWS Secret Access Key [None]: <Your_Secret_Access_Key>
Default region name [None]: us-east-1
Default output format [None]: json

How to request a session token (temporary credentials)?

Use the following command to get a session token:

aws --endpoint-url https://<your-e2-endpoint> sts get-session-token `
 --duration-seconds 3600 `
 --no-verify-ssl `
 --profile <your_profile_name> `
 --region us-east-1

Example:

aws --endpoint-url https://your-e2-idrive-endpoint sts get-session-token `
    --duration-seconds 3600 `
    --no-verify-ssl `
    --profile dev `
    --region us-east-1

Sample Output
You will receive output similar to:

{
"Credentials": {
"AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
"SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"SessionToken": "FQoGZXIvYXdzEGMaDP///wEXAMPLE..."
  }
}

Save these values securely.

Where can we use the session token?

The temporary token can be used across AWS CLI, SDKs, and compatible tools like S3 Browser.

How to create an AWS CLI setup with temporary credentials?

By following the below steps, you can create an AWS CLI setup with temporary credentials.

Linux / macOS

export AWS_ACCESS_KEY_ID=<AccessKeyId>
export AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
export AWS_SESSION_TOKEN=<SessionToken>
export AWS_ENDPOINT_URL=https://<your-e2-endpoint>

Then run:

aws s3 ls

Windows CMD

set AWS_ACCESS_KEY_ID=<AccessKeyId>
set AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
set AWS_SESSION_TOKEN=<SessionToken>
set AWS_ENDPOINT_URL=https://<your-e2-endpoint>

Then run:

aws s3 ls

Note:

  • Session tokens inherit permissions from the access keys used to generate them.
  • Expiration is controlled via --duration-seconds.
  • Use only trusted machines to generate and use session credentials.