Alibaba Cloud Security Token Service (STS) provides short-term access management for Alibaba Cloud accounts or RAM users.
- Call Alibaba Cloud API actions.
- Log on to the Alibaba Cloud console.
The endpoint of STS that is used to call API actions is
Commonly used terms
- RAM role
- A virtual RAM user.
- The Alibaba Cloud Resource Name (ARN) of a RAM role. Each role has a unique ARN.
- Trusted entity
- The trusted entity that can assume a RAM role. You must specify a trusted entity when you create a RAM role. Only trusted entities can assume roles. The trusted entity can be an Alibaba Cloud account, Alibaba Cloud service, or identity provider (IdP).
- Role assuming
- The method for entity users to obtain security tokens of RAM roles. By calling the AssumeRole action, an entity user can obtain the security token of a role and use the token to access Alibaba Cloud service APIs.