Why does an error occur when I use STS?

If the following error message is displayed, it means that the AliyunSTSAssumeRoleAccess policy is not attached to the authorized user:

Error message: You are not authorized to do this action. You should be authorized by RAM

Attach the AliyunSTSAssumeRoleAccess policy to the authorized user and then continue to use STS.

What permissions does an STS token have?

The permissions of an STS token are the specified role's permissions that are included in the policy set when the AssumeRole API is called.

If you do not set the policy parameter when calling the AssumeRole API, the returned STS token will have all the permissions of the specified role.

What is the validity period of an STS token?

The validity period of an STS token ranges from 900 seconds to 3600 seconds. The default value is 3600 seconds. You can set the DurationSeconds parameter when calling the AssumeRole API to limit the valid period of an STS token.

Is there an upper limit to the number of times that STS API can be called?

STS supports up to 100 Queries Per Second (QPS). If the call requests exceed 100 QPS, an error is reported.

If multiple STS tokens have been obtained at different times, are the old and new tokens valid at the same time?

Both the new and old STS tokens are valid before their expiration time.