
get-session-token
*****************


DESCRIPTION
===========

The get-session-token action returns a set of temporary credentials
for an AWS account or IAM user. The credentials consist of an Access
Key ID, a Secret Access Key, and a security token. These credentials
are valid for the specified duration only. The session duration for
IAM users can be between 15 minutes and 36 hours, with a default of 12
hours. The session duration for AWS account owners is restricted to a
maximum of one hour. Providing the AWS Multi-Factor Authentication
(MFA) device serial number and the token code is optional.

For more information about using get-session-token to create temporary
credentials, go to Creating Temporary Credentials to Enable Access for
IAM Users in *Using IAM* .


SYNOPSIS
========

   aws sts get-session-token
     [--duration-seconds <value>]
     [--serial-number <value>]
     [--token-code <value>]


REQUIRED PARAMETERS
===================

None


OPTIONAL PARAMETERS
===================

"--duration-seconds"  (integer)
   The duration, in seconds, that the credentials should remain valid.
   Acceptable durations for IAM user sessions range from 900s (15
   minutes) to 129600s (36 hours), with 43200s (12 hours) as the
   default. Sessions for AWS account owners are restricted to a
   maximum of 3600s (one hour). If the duration is longer than one
   hour, the session for AWS account owners defaults to one hour.

"--serial-number"  (string)
   The identification number of the MFA device for the user. If the
   IAM user has a policy requiring MFA authentication (or is in a
   group requiring MFA authentication) to access resources, provide
   the device value here.

   The value is in the **Security Credentials** tab of the user's
   details pane in the IAM console. If the IAM user has an active MFA
   device, the details pane displays a **Multi-Factor Authentication
   Device** value. The value is either for a virtual device, such as
   "arn:aws:iam::123456789012:mfa/user" , or it is the device serial
   number for a hardware device (usually the number from the back of
   the device), such as "GAHT12345678" . For more information, see
   Using Multi-Factor Authentication (MFA) Devices with AWS in *Using
   IAM* .

"--token-code"  (string)
   The value provided by the MFA device. If the user has an access
   policy requiring an MFA code (or is in a group requiring an MFA
   code), provide the value here to get permission to resources as
   specified in the access policy. If MFA authentication is required,
   and the user does not provide a code when requesting a set of
   temporary security credentials, the user will receive an "access
   denied" response when requesting resources that require MFA
   authentication. For more information, see Using Multi-Factor
   Authentication (MFA) Devices with AWS in *Using IAM* .
