User guide
2. Retrieve temporary security credentials from AWS STS.
3. Use the credentials to access AWS resources.
Note
Activating a region is optional; by default, temporary security credentials are obtained from the
global endpoint sts.amazonaws.com. However, to reduce latency and to enable you to build
redundancy into your requests by using additional endpoints if an AWS STS request to the first
endpoint fails, you can activate regions that are geographically closer to your services or
applications that use the credentials.
(Optional) Activate and use an AWS STS region
To activate a region for use with AWS STS, use the AWS Management Console to select and activate
the region.
To activate additional STS regions
1. Sign in as an IAM user with permissions to perform IAM administration tasks ("iam:*") for the account
for which you want to activate AWS STS in a new region.
2. Open the IAM console and in the navigation pane click Account Settings.
3. Expand the STS Regions list, find the region that you want to use, and then click Activate.
After this, you can direct calls to the STS endpoint that is associated with that region.
Note
For more information about activating STS regions and for a list of the available AWS STS
endpoints, see Activating AWS STS in a New Region in the AWS Security Token Service User
Guide.
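The redundancy described in the note above (falling back to another endpoint when an AWS STS request to the first one fails) can be sketched as follows. This is an added example, not code from the original guide; the class name StsFailover, the endpoint order, and the 900-second duration are assumptions, and the regional endpoint must already be activated.

```java
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;

// Hypothetical helper class (not part of the SDK or the guide).
public class StsFailover {
    // Assumed order: an activated regional endpoint first, then the global endpoint.
    private static final String[] ENDPOINTS = {
        "sts.eu-west-1.amazonaws.com",
        "sts.amazonaws.com"
    };

    // Tries each endpoint in turn and returns the first set of temporary credentials obtained.
    public static BasicSessionCredentials fetchSessionCredentials(int durationSeconds) {
        AmazonClientException lastError = null;
        for (String endpoint : ENDPOINTS) {
            try {
                // No-argument constructor: the default credential provider chain is used.
                AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient();
                // setEndpoint, not setRegion, selects a regional STS endpoint.
                sts.setEndpoint(endpoint);

                GetSessionTokenRequest request = new GetSessionTokenRequest();
                request.setDurationSeconds(durationSeconds);

                Credentials c = sts.getSessionToken(request).getCredentials();
                return new BasicSessionCredentials(
                        c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
            } catch (AmazonClientException e) {
                // Record the failure and move on to the next endpoint in the list.
                lastError = e;
                System.err.println("STS request to " + endpoint + " failed: " + e.getMessage());
            }
        }
        // Every endpoint failed; surface the last error to the caller.
        throw lastError;
    }

    public static void main(String[] args) {
        BasicSessionCredentials creds = fetchSessionCredentials(900);
        // Log only the access key ID; never log the secret key or session token.
        System.out.println("Temporary credentials obtained for access key ID "
                + creds.getAWSAccessKeyId());
    }
}
```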
Retrieve temporary security credentials from AWS STS
To retrieve temporary security credentials using the AWS SDK for Java
1. Create an AWSSecurityTokenServiceClient object:
AWSSecurityTokenServiceClient sts_client = new AWSSecurityTokenServiceClient();
When creating the client with no arguments, the default credential provider chain is used to retrieve
credentials. You can provide a specific credential provider if you want. For more information, see
Providing AWS Credentials in the AWS SDK for Java.
2. (Optional; requires that you have activated the region) Set the endpoint for the STS client:
sts_client.setEndpoint("sts.eu-west-1.amazonaws.com");
Important
Do not use the setRegion method to set a regional endpoint—for backwards compatibility,
that method continues to use the single global endpoint of sts.amazonaws.com.
3. Create a GetSessionTokenRequest object, and optionally set the duration in seconds for which the
temporary credentials are valid:
Version v1.0.0
AWS SDK for Java Developer Guide