An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and can not do in AWS.
An IAM role does not have any credentials (password or access key) associated with it.
Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
An IAM user can assume a role to temporarily take on different permissions for a specific task.
An IAM role can be assigned to a federated user who signs in using an external identity provider instead of IAM.
IAM Temporary Credentials
Temporary credentials are primarily used with IAM roles, but there are also other users.
You can request temporary credentials that have a more restricted set of permissions than your standard IAM users. This prevents you from accidentally performing a task that is not permitted by the more restricted credentials.
A benefit of temporary credentials is that they expire automatically after a set period of time.