We talked about how AWS CIP, STS and IAM can serve as the foundation of application authorization in our last post, i.e., how the application gets the temporary credential representing a specific role (i.e., privileges) to access the resources of the applications — an architecture understanding how different building blocks work together under the hood.