1 Answer
0
There is an alternative to all this...
- After obtaining the STS token from the IoT credential provider, you can add custom logic in your application to attach session tags.
- Use the TagSession API (part of AWS Security Token Service) to add tags to the session.
- Consider adding a server-side component (e.g., Lambda function or an API Gateway) that receives the STS token. Here you can extract relevant information (such as user identity or context) and add session tags.
- The server-side logic can then call the TagSession API to attach the desired tags.
- Instead of relying solely on the IoT credential provider, create a custom token generation process.
Thanks Giovanni for your answer. I think we can only add an STS session tag while assuming a role and cannot modify it afterwards; otherwise allowing session tags to be added or modified would be a security risk. Of course, we can use the existing STS token to assume another role, add tags and get a new STS token, but that is not what we want; we need the session tag added to the STS token directly from the IoT credential provider. Does anyone know if there is a way?
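The role-chaining route mentioned in the comment above (use the existing STS token to assume another role with tags), as an added example that is not part of the original thread: it builds a trust policy for the second role that limits which tag keys may be passed, and makes the tagged `AssumeRole` call with boto3. The role ARNs, tag keys, function names and the `iot_creds` field names (taken here to match the credential provider's JSON response) are assumptions.

```python
"""Role chaining from IoT-issued credentials to a tagged session (added example)."""

MAX_TAGS, MAX_KEY_LEN, MAX_VALUE_LEN = 50, 128, 256  # STS session-tag limits


def validate_tags(tags):
    """Convert {key: value} to the STS Tags list, rejecting sets STS would refuse."""
    if len(tags) > MAX_TAGS:
        raise ValueError(f"at most {MAX_TAGS} session tags are allowed")
    for key, value in tags.items():
        if not 1 <= len(key) <= MAX_KEY_LEN:
            raise ValueError(f"bad tag key length: {key!r}")
        if len(value) > MAX_VALUE_LEN:
            raise ValueError(f"tag value too long for key {key!r}")
    return [{"Key": k, "Value": tags[k]} for k in sorted(tags)]


def trust_policy(source_role_arn, allowed_keys):
    """Trust policy for the second role: the IoT-issued role may assume it,
    and may tag the new session only with keys from allowed_keys."""
    principal = {"AWS": source_role_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"},
            {"Effect": "Allow", "Principal": principal, "Action": "sts:TagSession",
             "Condition": {"ForAllValues:StringEquals":
                           {"aws:TagKeys": sorted(allowed_keys)}}},
        ],
    }


def assume_with_tags(iot_creds, role_arn, session_name, tags):
    """Exchange the IoT-issued credentials for a new, tagged session.
    Tags are fixed for the lifetime of the returned credentials."""
    import boto3  # imported here so the helpers above work without boto3

    sts = boto3.client(
        "sts",
        aws_access_key_id=iot_creds["accessKeyId"],
        aws_secret_access_key=iot_creds["secretAccessKey"],
        aws_session_token=iot_creds["sessionToken"],
    )
    resp = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                           Tags=validate_tags(tags),
                           DurationSeconds=3600)  # role chaining caps at 1 hour
    return resp["Credentials"]
```

`validate_tags` and `trust_policy` run offline; `assume_with_tags` needs boto3 and network access to STS.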