Configure STS Actions

The Security Token Service (STS) allows you to enable or disable specific token actions.

By default, the enabled actions list is empty. However, this means that all actions are enabled. To disable actions, list each action in the disabledactions property. To enable specific actions, list them in the enabledactions property.

# euctl tokens
PROPERTY	tokens.disabledactions	{}
PROPERTY	tokens.enabledactions	{}

The values for each property are case-insensitive, space or comma-separated lists of token service actions. If an action is in the disable list it will not be permitted. Eucalyptus returns an HTTP status 503 and the code ServiceUnavailable.

If the enable list is not empty, Eucalyptus only permits the actions specifically listed.

Action Description
AssumeRole Roles as per AWS/STS and Eucalyptus-specific personas admin functionality
GetAccessToken Eucalyptus extension for password logins (for example, the Management Console)
GetImpersonationToken Eucalyptus extension that allows cloud administrators to act as specific users
GetSessionToken Session tokens in the sameas per AWS/STS

For more information about STS, go to STS section of the AWS CLI Reference.