How to access S3 via Temporary Security Credentials

An AWS Account or an IAM user can request temporary security credentials and use them to access Amazon S3.

Temporary security credentials are obtained from AWS Security Token Service (AWS STS) by sending the AssumeRole call.

With S3 Browser you can easily connect Amazon S3 storage with Temporary Security Credentials, it will send the AssumeRole call automatically.

Once obtained, temporary security credentails are cached in memory and used until they expire, then the next AssumeRole call is sent.

To connect Amazon S3 via AssumeRole

1. Start S3 Browser and click Accounts -> Add New Account.

Click Accounts -> Add New Account

Add New Account dialog will open:

Add New Account dialog.

2. Choose the Amazon S3 via AssumeRole account type

3. Specify the Role ARN - The Amazon Resource Name of the role to assume.

4. External ID - an optional field, a unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then specify that value here.

5. MFA Serial - an optional field, the identification number of the MFA device that is associated with the user who is making the AssumeRole call. Specify this value if the trust policy of the role being assumed includes a condition that requires MFA authentication.

6. Select the Source Account - the account to sign the AssumeRole call.

7. Turn on the Use secure transfer (SSL/TLS) checkbox if you would like to encrypt all communications with the storage.

8. Click Add new account

You can now choose the newly added account from the accounts menu:

Click Accounts -> Account Name to switch between accounts.