
get-federation-token
********************


DESCRIPTION
===========

The get-federation-token action returns a set of temporary credentials
for a federated user with the user name and policy specified in the
request. The credentials consist of an Access Key ID, a Secret Access
Key, and a security token. Credentials created by IAM users are valid
for the specified duration, between 15 minutes and 36 hours;
credentials created using account credentials have a maximum duration
of one hour.

The federated user who holds these credentials has any permissions
allowed by the intersection of the specified policy and any resource
or user policies that apply to the caller of the get-federation-token
API, and any resource policies that apply to the federated user's
Amazon Resource --name (ARN). For more information about how token
permissions work, see Controlling Permissions in Temporary Credentials
in *Using IAM* . For information about using get-federation-token to
create temporary credentials, see Creating Temporary Credentials to
Enable Access for Federated Users in *Using IAM* .


SYNOPSIS
========

   aws sts get-federation-token
     --name <value>
     [--policy <value>]
     [--duration-seconds <value>]


REQUIRED PARAMETERS
===================

"--name"  (string)
   The name of the federated user associated with the credentials. For
   information about limitations on user names, go to Limitations on
   IAM Entities in *Using IAM* .


OPTIONAL PARAMETERS
===================

"--policy"  (string)
   A policy specifying the permissions to associate with the
   credentials. The caller can delegate their own permissions by
   specifying a policy, and both policies will be checked when a
   service call is made. For more information about how permissions
   work in the context of temporary credentials, see Controlling
   Permissions in Temporary Credentials in *Using IAM* .

"--duration-seconds"  (integer)
   The duration, in seconds, that the session should last. Acceptable
   durations for federation sessions range from 900s (15 minutes) to
   129600s (36 hours), with 43200s (12 hours) as the default. Sessions
   for AWS account owners are restricted to a maximum of 3600s (one
   hour). If the duration is longer than one hour, the session for AWS
   account owners defaults to one hour.
