Using sam deploy, where sam deploy is a wrapper of aws cloudformation deploy, we run the below command from EC2 for stack creation:
aws cloudformation deploy --template-file cfntemplate.yml --stack-name somestack-test --region us-east-1
Amidst stack creation, we see the below:
user is: arn:aws:sts::${AccountId}:assumed-role/Autodeploy/i-0000000cc4
Autodeploy is the name of the role assigned to EC2. This user disappears after stack creation is complete.
What does assumed-role indicate in its ARN?
What does Autodeploy/i-0000000cc4 indicate in its ARN?
What is the aws:sts type resource?
The information for your question can be found in the IAM docs reference section IAM Identifiers [1].
The active session of someone assuming the role of "Accounting-Role", with a role session name of "Mary":
arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary
The aws:sts part indicates that the resource is part of the Security Token Service (STS) [2]. The assumed-role part indicates that you are authenticated via a session context which was established most likely by calling something like aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/Accounting-Role" --role-session-name "Mary" [3].
In your case: Autodeploy is the role name and i-0000000cc4 is the role session name.
As the cli reference [3] states, session context means that you are not authenticated via long-lived credentials but temporary credentials instead:
By default, the temporary security credentials created by AssumeRole last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session.
[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
[2] https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
[3] https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html
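As an added example (not part of the question or answer above, and not AWS code), the following Python splits a principal ARN of the form the answer describes into its parts, flags STS session principals as temporary-credential identities, and maps an assumed-role session back to the IAM role ARN it was created from. The heuristic that a session name beginning with "i-" comes from an EC2 instance profile is an assumption noted in the code, not something the page states.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Generic ARN layout from the IAM Identifiers reference cited in the answer:
#   arn:partition:service:region:account-id:resource
# STS and IAM ARNs leave the region field empty, which is why the examples show "::".
ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>[^:]+):(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<resource>.+)$"
)


@dataclass
class Principal:
    partition: str
    service: str                 # "sts" for session principals, "iam" for long-lived ones
    account: str
    kind: str                    # "assumed-role", "role", "user", ...
    name: str                    # role name or user name
    session_name: Optional[str]  # only set for assumed-role session principals

    @property
    def temporary(self) -> bool:
        # Anything under the sts service is a session backed by temporary credentials.
        return self.service == "sts"


def parse_principal_arn(arn: str) -> Optional[Principal]:
    """Split a principal ARN into its parts; return None if it is not a principal ARN."""
    m = ARN_RE.match(arn)
    if not m:
        return None
    # resource looks like "assumed-role/Autodeploy/i-0000000cc4" or "user/Mary"
    parts = m.group("resource").split("/")
    if len(parts) < 2:
        return None
    kind = parts[0]
    if kind == "assumed-role":
        if len(parts) != 3:
            return None  # an assumed-role ARN always carries exactly role/session
        name, session = parts[1], parts[2]
    else:
        # IAM users and roles may carry a path, so keep everything after the kind.
        name, session = "/".join(parts[1:]), None
    return Principal(m.group("partition"), m.group("service"), m.group("account"),
                     kind, name, session)


def role_arn_for_session(p: Principal) -> Optional[str]:
    """Map an STS assumed-role session back to the IAM role it was created from."""
    if p.service != "sts" or p.kind != "assumed-role":
        return None
    return f"arn:{p.partition}:iam::{p.account}:role/{p.name}"


def session_looks_like_instance_profile(p: Principal) -> bool:
    """Assumption/heuristic: EC2 instance-profile credentials use the instance id as
    the role session name, so a session name starting with "i-" suggests the call
    came from an EC2 instance rather than an explicit assume-role call."""
    return p.session_name is not None and p.session_name.startswith("i-")


if __name__ == "__main__":
    # Constructed sample ARNs, using the account id from the answer's example.
    for arn in ("arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary",
                "arn:aws:sts::123456789012:assumed-role/Autodeploy/i-0000000cc4",
                "arn:aws:iam::123456789012:user/Mary"):
        p = parse_principal_arn(arn)
        print(arn, "->", p.kind, p.name, p.session_name,
              "temporary" if p.temporary else "long-lived",
              "role:", role_arn_for_session(p),
              "ec2-session:", session_looks_like_instance_profile(p))
```

In practice this is the lookup you do when an identity such as the one in the question shows up in logs: the session ARN is transient, but the role ARN it resolves to is the object whose policy actually granted the permissions.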