Which service provides temporary security credentials for controlling access to AWS resources?

The correct answer is the AWS Security Token Service (STS), which is specifically designed to provide temporary security credentials that control access to AWS resources. STS allows users to request short-lived access tokens, which can be used to grant secure access to AWS resources without needing to manage long-term credentials. This functionality is particularly useful for scenarios such as federated user access, where temporary credentials help ensure that permissions are only valid for a limited time and minimize security risks.

By using STS, developers can enable applications to request temporary credentials for AWS services, which enhances security by reducing the risk of long-lived access keys being compromised. This function is ideal for situations where users or applications need to authenticate to AWS resources for a specific duration, thereby reinforcing the principle of least privilege in access control.

The other services mentioned serve different purposes. AWS Identity and Access Management (IAM) is focused on managing user identities and their permissions but does not provide temporary credentials. AWS Cognito is used for user authentication and management in mobile and web applications and focuses on managing user profiles rather than temporary access. AWS Secrets Manager is used for securely storing and managing sensitive information like API keys, database credentials, and other secret data, but again, does not provide temporary security credentials.