AWS Certified Cloud Practitioner — Question 289

A developer wants AWS users to access AWS services by using temporary security credentials.

Which AWS service or feature should the developer use to provide these credentials?

Answer options

• A. IAM policies
• B. IAM user groups
• C. AWS Security Token Service (AWS STS)
• D. AWS IAM Identity Center (AWS Single Sign-On)

Correct answer: C

Explanation

AWS Security Token Service (AWS STS) is the dedicated service designed to generate and provide temporary, limited-privilege security credentials for accessing AWS resources. IAM policies define permissions and IAM user groups organize users, but neither directly issues temporary credentials. While AWS IAM Identity Center facilitates single sign-on, AWS STS is the fundamental service responsible for generating these short-term credentials.