Which AWS service does IAM rely on for providing temporary security credentials?

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

AWS Identity and Access Management (IAM) relies on the AWS Security Token Service (AWS STS) to provide temporary security credentials. AWS STS enables users to request temporary, limited-privilege credentials for IAM users or federated users. This functionality is essential for scenarios such as granting access to resources for a limited period or for specific tasks without needing to manage long-term credentials.

When an application or user needs to perform actions on AWS services but requires a temporary increase in permissions or a different role, AWS STS issues the temporary credentials for it. This approach enhances security by reducing the risks associated with long-term credentials, which can be accidentally exposed or misused. The temporary credentials also expire after a specified time, further limiting their exposure.

The other services listed in the options do not provide this functionality. AWS CloudTrail logs and monitors account activity and is not involved in credential issuance. AWS Secrets Manager manages and protects secrets such as API keys, but it does not provide temporary credentials. AWS Key Management Service (KMS) manages encryption keys and does not provision the temporary security credentials that IAM needs.