After configuring the plugin, use the generated Role ARN with `AssumeRoleWithCustomToken` to get temporary credentials to access object storage.

## API Request

To make an STS API request with this method, send a POST request to the MinIO endpoint with following query parameters:

func printLambdaTargets() {
	if globalLambdaTargetList == nil || globalLambdaTargetList.Empty() {
		return
	}

	arnMsg := color.Blue("Object Lambda ARNs: ")
	for _, arn := range globalLambdaTargetList.List(globalSite.Region()) {
		arnMsg += color.Bold(fmt.Sprintf("%s ", arn))
	}
	logger.Startup(arnMsg + "\n")
}

// Prints bucket notification configurations.
func printEventNotifiers() {
	if globalNotificationSys == nil {

MINIO_IDENTITY_PLUGIN_ROLE_ID       (string)    unique ID to generate the ARN
MINIO_IDENTITY_PLUGIN_COMMENT       (sentence)  optionally add a comment to this setting
```

If provided, the auth token parameter is sent as an authorization header.

`MINIO_IDENTITY_PLUGIN_ROLE_POLICY` is a required parameter and can be list of comma separated policy names.

variables in the *Resource* element and in string comparisons in the *Condition* element.

You can use a policy variable in the Resource element, but only in the resource portion of the ARN. This portion of the ARN appears after the 5th colon (:). You can't use a variable to replace parts of the ARN before the 5th colon, such as the service or account. The following policy might be attached to a group. It gives each of the users in the group full programmatic access to a user-specific object...

	for _, bucket := range buckets {
		if s, ok := bucketReplStats[bucket]; ok {
			stats := s.ReplicationStats
			if stats.hasReplicationUsage() {
				for arn, stat := range stats.Stats {
					labels := []string{bucketL, bucket, targetArnL, arn}
					m.Set(bucketReplLastHrFailedBytes, float64(stat.Failed.LastHour.Bytes), labels...)
					m.Set(bucketReplLastHrFailedCount, float64(stat.Failed.LastHour.Count), labels...)

		return arns
	}
	region := globalSite.Region()
	for targetID := range evnot.targetList.TargetMap() {
		// httpclient target is part of ListenNotification
		// which doesn't need to be listed as part of the ARN list
		// This list is only meant for external targets, filter
		// this out pro-actively.
		if !strings.HasPrefix(targetID.ID, "httpclient+") {
			arns = append(arns, targetID.ToARN(region).String())
		}
	}

	PrincipalID string `json:"principalId"`
}

// Bucket represents bucket metadata of the event.
type Bucket struct {
	Name          string   `json:"name"`
	OwnerIdentity Identity `json:"ownerIdentity"`
	ARN           string   `json:"arn"`
}

// Object represents object metadata of the event.
type Object struct {
	Key          string            `json:"key"`
	Size         int64             `json:"size,omitempty"`

type AssumedRoleUser struct {
	// The ARN of the temporary security credentials that are returned from the
	// AssumeRole action. For more information about ARNs and how to use them in
	// policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in Using IAM.
	//
	// Arn is a required field
	Arn string

	cr "github.com/minio/minio-go/v7/pkg/credentials"
)

var (
	// LDAP integrated Minio endpoint
	stsEndpoint string

	// token to use with AssumeRoleWithCustomToken
	token string

	// Role ARN to use
	roleArn string

	// Display credentials flag
	displayCreds bool

	// Credential expiry duration
	expiryDuration time.Duration

	// Bucket to list
	bucketToList string
)

func init() {

	return "Remote with this label already exists for this bucket: " + e.Bucket
}

// BucketRemoteArnTypeInvalid arn type for remote is not valid.
type BucketRemoteArnTypeInvalid GenericError

func (e BucketRemoteArnTypeInvalid) Error() string {
	return "Remote ARN type not valid: " + e.Bucket
}

// BucketRemoteArnInvalid arn needs to be specified.
type BucketRemoteArnInvalid GenericError