How to create an STS temporary account and how to use it to access resources?

See STS temporary access authorization.

Client or console logon error reported for an authorized sub-account

See Why does a sub-account encounters an error of no operation permission for a bucket on the OSS console after it has been granted the bucket operation permission.

How to authorize a sub-account with the operation permission for a single bucket

See How to assign the full operation permission for a specified bucket to a sub-account.

How to authorize a sub-account with the operation permission for a directory in a bucket

See OSS directory authorization

How to authorize a sub-account with the read-only permission for a bucket

See Authorize a sub-user to list and read resources in a bucket.

Error upon an OSS SDK call: InvalidAccessKeyId

See STS errors and troubleshooting.

Error upon an STS call: Access denied by authorizer’s policy

Detailed error information: ErrorCode: AccessDenied ErrorMessage: Access denied by authorizer’s policy.

Cause of the error:
  • The temporary account has no access permission.
  • The authorization policy specified for assuming the role of this temporary account does not assign the access permission to the account.

For more STS errors and the causes, see OSS permission errors and troubleshooting.