
# Amazon S3 with IAM Role

ExpanDrive connects to Amazon S3 using temporary security credentials issued via [AWS Security Token Service (STS)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).

In this workflow, you provide the access key and secret key of a user who is allowed to assume a role that has access to your bucket. ExpanDrive uses STS to get temporary credentials for that role. If the role is configured for MFA, ExpanDrive prompts you for the one-time password and supplies the MFA information to STS. ExpanDrive then uses the temporary credentials to access the S3 bucket.

This is a more secure alternative to long-term access keys. It supports IAM roles, MFA enforcement, and short-lived credentials that automatically expire.

## Connection Parameters

Connecting to S3 using temporary security credentials uses many of the same connection parameters as a [conventional S3 connection](/integrations/amazon-s3.md). The server, custom region, nickname, and bucket behave exactly the same.

### Access Key

This is the access key of the user who has permission to assume a role via STS.

### Secret Key

This is the secret key of the user who has permission to assume a role via STS.

### STS Endpoint

The endpoint for AWS STS. Use <https://sts.amazonaws.com>.

### IAM Role

The Amazon Resource Name (ARN) of the role to assume. This role must grant access to the target S3 bucket.
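
Because the role's trust policy decides whether MFA is actually enforced when the role is assumed, it is worth checking before pointing ExpanDrive at it. The following is an added example, not part of ExpanDrive's documentation: a Python check that flags trust-policy statements allowing `sts:AssumeRole` without MFA or to any principal. The account ID, user name and both policies are constructed placeholders; `aws:MultiFactorAuthPresent` is the AWS global condition key.

```python
import json

# Constructed trust policies for a hypothetical role; the account ID and
# user name are placeholders, not values from the ExpanDrive docs.
PRINCIPAL = "arn:aws:iam::111122223333:user/expandrive-user"
TRUST_NO_MFA = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": PRINCIPAL},
                   "Action": "sts:AssumeRole"}],
}
TRUST_WITH_MFA = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": PRINCIPAL},
                   "Action": "sts:AssumeRole",
                   "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _requires_mfa(condition):
    # Only a plain Bool test counts: BoolIfExists also matches requests in
    # which the key is absent, so it does not enforce MFA in an Allow statement.
    for operator, keys in condition.items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:multifactorauthpresent":
                return all(str(v).lower() == "true" for v in _as_list(value))
    return False

def audit_trust_policy(policy):
    """Return findings for Allow statements that grant sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal may assume the role")
        if not _requires_mfa(stmt.get("Condition", {})):
            findings.append(f"statement {i}: sts:AssumeRole allowed without MFA")
    return findings

if __name__ == "__main__":
    for name, doc in (("no-mfa", TRUST_NO_MFA), ("with-mfa", TRUST_WITH_MFA)):
        print(name, json.dumps(audit_trust_policy(doc)))
```

An empty result means every statement that allows `sts:AssumeRole` names specific principals and requires MFA.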


