You can use PrivX to authenticate and fetch short-term credentials for accessing AWS API via scripts or AWS Command Line Interface (AWS CLI).
The validity periods for the credentials can be configured between 15 minutes and 36 hours (AWS restrictions), after which they automatically expire.
Ephemeral credential functionality can also be used to delegate scripting access to another AWS accounts via IAM roles, or scan other AWS account EC2 instances without having AWS credentials to the third party account.
To use acquire assume-role credentials, see Configuring assume-role access to AWS API
If you would rather use Federation Tokens to delegate access through IAM role policies, see Configuring federated token access to AWS API
Updated over 1 year ago