What are IAM Roles in AWS?

What are IAM Roles in AWS?
  • An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and can not do in AWS.

  • An IAM role does not have any credentials (password or access key) associated with it.

  • Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

  • An IAM user can assume a role to temporarily take on different permissions for a specific task.

  • An IAM role can be assigned to a federated user who signs in using an external identity provider instead of IAM.

IAM Temporary Credentials

  • Temporary credentials are primarily used with IAM roles, but there are also other users.

  • You can request temporary credentials that have a more restricted set of permissions than your standard IAM users. This prevents you from accidentally performing a task that is not permitted by the more restricted credentials.

  • A benefit of temporary credentials is that they expire automatically after a set period of time.