Which AWS service provides temporary security credentials to trusted users?

The service that provides temporary security credentials to trusted users is the AWS Security Token Service (STS). STS enables you to create and manage temporary access tokens that can be used for authentication and authorization. This is particularly useful in scenarios where you need to provide limited-time access to AWS resources without exposing long-term credentials.

One of the primary benefits of using STS is that it supports the concept of federated authentication, allowing users from different domains or accounts to securely access AWS resources. Temporary security credentials issued by STS are dynamically created and typically have a limited lifespan, which enhances security by minimizing the risk associated with long-term credentials.

This capability is important for use cases like cross-account access, where you might want to allow users from one AWS account to access resources in another account without having to share IAM user credentials. The use of temporary credentials reduces the likelihood of compromise since the tokens expire after a specified duration.

Other services mentioned do not provide this functionality; for instance, IAM is primarily for managing user permissions and roles rather than issuing temporary credentials, KMS is focused on encryption key management, and CloudTrail is used for logging and monitoring API activity across AWS services.