Skip to main content

AWS IAM STS Keys

Description

General

  • Documentation: https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html
  • Summary: AWS Security Token Service (STS) provides temporary security credentials that can be used to access AWS resources. STS keys are short-lived and tied to IAM roles, allowing users to programmatically access AWS resources for a limited time.
  • IPs allowlist: It is possible to configure IP ranges that have access to AWS resources using IAM policies. These policies can be applied to roles that generate STS keys. Learn more.
  • Scopes: STS keys are generated for IAM roles, not users, and inherit the permissions of the role. Permissions are defined by the role's policies, which can be managed through the IAM console. STS keys expire after a set duration, reducing the risk of prolonged access.

Revoke the secret

STS keys cannot be manually revoked. They automatically expire after the specified duration. To restrict access, modify or delete the IAM role or policy associated with the STS keys.

Check for suspicious activity

AWS CloudTrail is the service logging API calls. When enabled, the service delivers the log files to an S3 bucket.

Details for AWS Temporary Keys

  • Family: credentials

  • Category: cloud_provider

  • Company: Amazon Web Services

  • High recall: True

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 6.98

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - yxdz
    - iqojb3jpz2lu
- type: ContentWhitelistPreValidator
  patterns:
    - asia

Examples

- text: |
    client id =  ASIAAKIAFJKR45SAWS5Z
    client secret = hjohnk4ex5l33565d4634HNKGxhz545e89cjyjad
    session = FwoGZXIvYXdzEBAaDLHxhjed4A6ABQplMyKBAd0Jzohb7hRtcvWvjWSNw5bVcn5al0jGu9Cl7W2ijDztOnmLZICjbsFBYgO7mt2J1AM9CO0nrL9qBatm9+ytKde5MXuKyzMGY6J8YDLoXU625FQKpnGXelSQxA1mYI/VOjaSa2MP4gPZsgOBjyOuiRxUKmkgYglbzl8sGYco9KWSNyjK5/aKBjIoKnYXwjdTkOt7/Bw6HMETrjPUPyHStdSfCjt4IwGvu2ox5Xo8VHAp5g==
  client_id: ASIAAKIAFJKR45SAWS5Z
  client_secret: hjohnk4ex5l33565d4634HNKGxhz545e89cjyjad
  session_token: FwoGZXIvYXdzEBAaDLHxhjed4A6ABQplMyKBAd0Jzohb7hRtcvWvjWSNw5bVcn5al0jGu9Cl7W2ijDztOnmLZICjbsFBYgO7mt2J1AM9CO0nrL9qBatm9+ytKde5MXuKyzMGY6J8YDLoXU625FQKpnGXelSQxA1mYI/VOjaSa2MP4gPZsgOBjyOuiRxUKmkgYglbzl8sGYco9KWSNyjK5/aKBjIoKnYXwjdTkOt7/Bw6HMETrjPUPyHStdSfCjt4IwGvu2ox5Xo8VHAp5g==

- text: |
    client id: ASIA2EHZ5M7JX3GAEO5M
    client_secret: 3GL1oJBt1YncTDi1R/o6i4xVcWl7y6VLtH6FC3HB
    client_token: IQoJb3JpZ2luX2VjEGoaCXVzLWVhc3QtMSJHMEUCIQCqb7eWWtTBAzf8XkcSeEWwlgu4rsfypWV4HFx4zyiiDQIgDSU8p29rr/Ys/NDlwatSB0yd+N/8rMM4qB4duzoDAHYqjAMI0///////////ARACGgw3MDg1NzAyMjk0MzkiDKRyw9a+NGM+oMI2iyrgAhYD7JTPP696aLDnFBFyJXGG5VhCD3T4DT+FYu8B/Uqa6a9ow3SqbvFbh/WuzvuiFHhXIOC+HMcqPJ0D5RBt5FRi53CTaAXu+i7JtxYGymAdpYDv1DXkiRbzxA81qBzGGzMgu8ckUw4Mic9qbosOadmTDoVxW97//st/A7XGOETEAdGqtKM3HiX/KTDwFXDjfWTAxMhKSMml4nxeZjiNkKfL9E3R/0aObNC18Ey2f03TbAJVTM9ZndcrY4rPxxi8phrV5ZJly96R+7mqCw7hYI8a2vNW5gSRwkaX938ZsxheW5iIMb0hdlHSAEI/RRAF/diEPnveWL2l+rTBartZw9QHHtI6NaN6s4391EH3j3JoloUkaKwb4fF9w9jmG87vEGeOPdDkncC1srILwqvVXeB1FGHR5KP6isYu3vvdzt0LCF6b/Pq7Cgw0CBPO/zxTSATyuTm6Ao/X2NHor+4tSaMw4IrWigY6pgHebYmvtup+YjlxOVtkSxuAtj4Juw1DoiSBIuyaNJ+5yqdZq6MMCHa96/xHL1NX28/8tBWVZ+nqb96sTHRBW73tBDHmWR/eGa9LRF4NKUjr6Ey9165aeI2+LT9vl2Nh1dWwwkLrCJRScZt1tEN0P3AtddULnWLlXjc0XvZ1HwteJMvGU1SG+0KqyOq7PqhoEQrfa6lPdcdfTUGt9nsm/8EivPdEvohU
  client_id: ASIA2EHZ5M7JX3GAEO5M
  client_secret: 3GL1oJBt1YncTDi1R/o6i4xVcWl7y6VLtH6FC3HB
  session_token: IQoJb3JpZ2luX2VjEGoaCXVzLWVhc3QtMSJHMEUCIQCqb7eWWtTBAzf8XkcSeEWwlgu4rsfypWV4HFx4zyiiDQIgDSU8p29rr/Ys/NDlwatSB0yd+N/8rMM4qB4duzoDAHYqjAMI0///////////ARACGgw3MDg1NzAyMjk0MzkiDKRyw9a+NGM+oMI2iyrgAhYD7JTPP696aLDnFBFyJXGG5VhCD3T4DT+FYu8B/Uqa6a9ow3SqbvFbh/WuzvuiFHhXIOC+HMcqPJ0D5RBt5FRi53CTaAXu+i7JtxYGymAdpYDv1DXkiRbzxA81qBzGGzMgu8ckUw4Mic9qbosOadmTDoVxW97//st/A7XGOETEAdGqtKM3HiX/KTDwFXDjfWTAxMhKSMml4nxeZjiNkKfL9E3R/0aObNC18Ey2f03TbAJVTM9ZndcrY4rPxxi8phrV5ZJly96R+7mqCw7hYI8a2vNW5gSRwkaX938ZsxheW5iIMb0hdlHSAEI/RRAF/diEPnveWL2l+rTBartZw9QHHtI6NaN6s4391EH3j3JoloUkaKwb4fF9w9jmG87vEGeOPdDkncC1srILwqvVXeB1FGHR5KP6isYu3vvdzt0LCF6b/Pq7Cgw0CBPO/zxTSATyuTm6Ao/X2NHor+4tSaMw4IrWigY6pgHebYmvtup+YjlxOVtkSxuAtj4Juw1DoiSBIuyaNJ+5yqdZq6MMCHa96/xHL1NX28/8tBWVZ+nqb96sTHRBW73tBDHmWR/eGa9LRF4NKUjr6Ey9165aeI2+LT9vl2Nh1dWwwkLrCJRScZt1tEN0P3AtddULnWLlXjc0XvZ1HwteJMvGU1SG+0KqyOq7PqhoEQrfa6lPdcdfTUGt9nsm/8EivPdEvohU

- text: |
    class BotService {
      late Map<String, dynamic> result;
      String botName = "BookAppointment";
      String kAccessKeyId = 'ASIAZWJRDCYYKA6INEEW';
      String kSecretAccessKey = 'kOqmb4VZie3cilEqYPgROZzVl5qiQOV+WJH86zwR';
      String sessionToken = 'IQoJb3JpZ2luX2VjEDoaCXVzLWVhc3QtMiJIMEYCIQDQh4gelDqno96q39RwiPT5x7K7SyVOSmeDpUMd9SthWAIhAP5tT81Cb+Rb2zN85delmYB4KECmW1uL7Tr36C/M2GaJKr0DCKP//////////wEQARoMNjY2MzU5NzY0NTI4Igyu9F2yAqZN3dG0q9YqkQMVrg/4mCJjDxg0QmplU581Z2P8LGhGfr9vgei6SaONhhfks5Kt9Ikbh61G9UiQ3SXgPLbHjOfTUueaIIcBz1Y3LcW+WajtfsGfB8CqT76lkJLtkvl+1KjSCVn6k+/K/iWgr3Zc1Ej+qT2djTH4x1OWFNS6i6iCtlUy/Z6i3P2fziHGsEmafkH3ict+07dFb3DA2aRnUhnaCHfQDNd/5ub70oILwB4UgtgGNkbM9SE/NxKgPZY9qIktYifqcgfDyYMYHlvY9XEc0UT2jfaQKDYVgMCdsdsW5mkoBYzLRisQhKxjfwaBpkRtdW8dEHFAG04eV4JSAbOSat3bgUwahATGizOdsMz/qhnS9qzShQGgSR6OU6pDDUtuHCGh0sgwrjsZ+bGDfzkw5Sy3JhjQpozfinCsAmDZ1t3nX6llw9OR9B2mdDHCeccsWGwjIvmprs21FtgjDuKGzaAET6HgQAR+pkFUgxBWVmZArtck1ziG21FEN8pFR75rOgxSkQ3yEZeDZkIIZ/aJnABGvbC3Fbq9ATD6ycuKBjqlAaGPeFKzdCR1dBh4sHQVHejXNegWWZV72n4MLyZx2FE9wLUfPGXXW+pYZg4SySvN0Z4OnGoYdlO/pjKvdRa507mSD8N8EhkwgpJMatFobJb0hsz7GY5flutVSkDfBDYkU91vpl7YCJ5rlvuR0I6iWe+K7smYj5hzm16YokWsRQ4EeWHo0peEJuqTZrZt/U4gHVsFpG44V8Yb6iRdZL78E+5xcgjeFw==';
    }

  client_id: ASIAZWJRDCYYKA6INEEW
  client_secret: kOqmb4VZie3cilEqYPgROZzVl5qiQOV+WJH86zwR
  session_token: IQoJb3JpZ2luX2VjEDoaCXVzLWVhc3QtMiJIMEYCIQDQh4gelDqno96q39RwiPT5x7K7SyVOSmeDpUMd9SthWAIhAP5tT81Cb+Rb2zN85delmYB4KECmW1uL7Tr36C/M2GaJKr0DCKP//////////wEQARoMNjY2MzU5NzY0NTI4Igyu9F2yAqZN3dG0q9YqkQMVrg/4mCJjDxg0QmplU581Z2P8LGhGfr9vgei6SaONhhfks5Kt9Ikbh61G9UiQ3SXgPLbHjOfTUueaIIcBz1Y3LcW+WajtfsGfB8CqT76lkJLtkvl+1KjSCVn6k+/K/iWgr3Zc1Ej+qT2djTH4x1OWFNS6i6iCtlUy/Z6i3P2fziHGsEmafkH3ict+07dFb3DA2aRnUhnaCHfQDNd/5ub70oILwB4UgtgGNkbM9SE/NxKgPZY9qIktYifqcgfDyYMYHlvY9XEc0UT2jfaQKDYVgMCdsdsW5mkoBYzLRisQhKxjfwaBpkRtdW8dEHFAG04eV4JSAbOSat3bgUwahATGizOdsMz/qhnS9qzShQGgSR6OU6pDDUtuHCGh0sgwrjsZ+bGDfzkw5Sy3JhjQpozfinCsAmDZ1t3nX6llw9OR9B2mdDHCeccsWGwjIvmprs21FtgjDuKGzaAET6HgQAR+pkFUgxBWVmZArtck1ziG21FEN8pFR75rOgxSkQ3yEZeDZkIIZ/aJnABGvbC3Fbq9ATD6ycuKBjqlAaGPeFKzdCR1dBh4sHQVHejXNegWWZV72n4MLyZx2FE9wLUfPGXXW+pYZg4SySvN0Z4OnGoYdlO/pjKvdRa507mSD8N8EhkwgpJMatFobJb0hsz7GY5flutVSkDfBDYkU91vpl7YCJ5rlvuR0I6iWe+K7smYj5hzm16YokWsRQ4EeWHo0peEJuqTZrZt/U4gHVsFpG44V8Yb6iRdZL78E+5xcgjeFw==
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status