Accessing Amazon S3 with temporary credentials via STS::GetSessionToken. Amazon S3 via STS.
S3 Browser
Free Windows Client for Amazon S3 and Amazon CloudFront

How to access S3 via Temporary Security Credentials

An AWS Account or an IAM user can request temporary security credentials and use them to access Amazon S3. The credentials consist of an Access Key ID, a Secret Access Key, and a Security Token.

Temporary security credentials are obtained from AWS Security Token Service (AWS STS) by sending the AssumeRole or GetSessionToken call.

With S3 Browser you can easily work with Amazon S3 via temporary security credentials, it calls AssumeRole or GetSessionToken automatically when required.

Once obtained, temporary security credentails are cached in memory and used until they expire, then the next STS call is sent.

To connect Amazon S3 via STS GetSessionToken

1. Start S3 Browser and click Accounts -> Add New Account.

click add new account menu item

Click Accounts -> Add New Account

The Add New Account dialog will open:

Add Amazon S3 via GetSessionToken account

New Amazon S3 via GetSessionToken account dialog.

2. Choose the Amazon S3 via GetSessionToken account type

3. Select the Source Account - an account for calling GetSessionToken. The GetSessionToken operation must be called by using the long-term AWS security credentials of the AWS account root user or an IAM user

4. Turn on the Use secure transfer (SSL/TLS) checkbox if you would like to encrypt all communications with the storage.

5. Click Add new account

You can now choose the newly added account from the Accounts menu:

how to switch between amazon s3 accounts

Click Accounts -> Account Name to switch between accounts.

Advanced Settings

You may also configure additional settings for the Amazon S3 via GetSessionToken account type.

To open Advanced Settings please click the Advanced settings.. link located at the bottom-left corner of the dialog.

advanced storage settings link

Click the Advanced settings.. link

The Advanced Account Settings dialog will open:


advanced get session token account settings

Advanced Account Settings dialog, the GetSessionToken tab

1. MFA Serial - an optional field, the identification number of the MFA device that is associated with the user who is making the GetSessionToken call. Specify it if the user has a policy that requires MFA authentication or leave it empty

2. Session duration in seconds - the duration in seconds, that temporary credentails should remain valid.

advanced get session token account settings

Advanced Account Settings dialog, the Miscellaneous tab


List all my buckets when account assigned - if checked, S3 Browser performs s3:ListAllMyBuckets call when account is assigned. You may uncheck this for accounts that are not allowed to list all buckets to avoid failed tasks and warnings in the log.

Check CloudFront distributions when account assigned - if checked, S3 Browser performs cloudfront:ListDistributions call when account is assigned to set special icon for buckets that are used as origin for CloudFront distributions. You may uncheck this for accounts that are not allowed to list CloudFront distributions to avoid failed tasks and warnings in the log.

External Buckets - you may edit external buckets associated with the account. Each bucket must be specified on a new line. Optional path is also supported, slash is used as delimiter, for example my-bucket/and/optional/path

S3 Browser 11.6.7 Freeware
Powered by Amazon Web Services and Rated by CNET Editors!
Social Connection
S3 Client Logo
Like Us!
People like S3 Browser!
People like us
Our customers say

"S3 Browser is an invaluable tool to me as a web developer to easily manage my automated site backups" -Bob Kraft, Web Developer

"Just want to show my appreciation for a wonderful product. I use S3 Browser a lot, it is a great tool." -Gideon Kuijten, Pro User

"Thank You Thank You Thank You for this tool. A must have for anyone using S3!" -Brian Cummiskey, USA

Related Products
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
protects your Windows Server from RDP Brute-force Attacks.
"Amazon Web Services", "AWS", "Amazon S3", "Amazon Simple Storage Service", "Amazon CloudFront", "CloudFront", the "Powered by Amazon Web Services" logo are trademarks of, Inc. or its affiliates in the US and/or other countries.
Copyright © 2008-2024 Netsdk Software FZE. All rights reserved.  Terms of Use.  Privacy Policy.  S3 Drive.  RDP brute-force protection.