Set up AWS session tokens

Session tokens provide temporary credentials with automatic expiration.

Use cases

Local development and testing
CI/CD pipelines requiring credential rotation
Environments with compliance requirements for time-limited access (typically 1-12 hours)

Prerequisites

Before generating session tokens, ensure you have:

AWS CLI installed and configured
An existing IAM role you can assume
Your New Relic account ID

Generate temporary credentials

Open your terminal and run this command (replace with your role ARN):
```
aws sts assume-role \
    --role-arn "arn:aws:iam::YOUR_ACCOUNT:role/YOUR_ROLE" \
    --role-session-name "WorkflowAutomationSession"
```
If this is your first time using AWS CLI, you may need to configure it with aws configure and enter your access credentials:

AWS returns three values—you need all three:

{
  "Credentials": {
    "AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "SessionToken": "FQoGZXIvYXdzEBk...",
    "Expiration": "2025-01-25T12:00:00Z"
  }
}

Store all three credentials in secrets manager:

AccessKeyId store as awsAccessKeyId
SecretAccessKey store as awsSecretAccessKey
SessionToken store as awsSessionToken
Caution
Session tokens expire (typically after 1 hour). Set a reminder to refresh them before the Expiration timestamp, or your workflows will fail with authentication errors.

AWS credentials overview

Compare authentication methods and choose the right one

AWS policy examples

Complete IAM policies for EC2, SQS, DynamoDB, and more

AWS actions

Browse EC2, Lambda, S3, SQS, and other AWS actions

Workflow best practices

Security best practices for credentials and secrets