IAM Roles

Definition: An IAM identity that can be assumed by trusted entities to obtain a set of permissions for making AWS service requests.
Key Features
Delegation of Permissions: Allows granting permissions on resources to users and services without issuing them permanent credentials (e.g., a user name and password).
Temporary Security Credentials: Used by IAM users or AWS services assuming a role to make AWS API calls. These credentials automatically expire.
Characteristics
No Permanent Credentials: Roles do not have associated credentials like passwords or access keys.
Temporary Assumption: IAM users can assume a role temporarily to gain permissions for specific tasks.
Role Assignment
Federated Users: Roles can be assigned to federated users who sign in using an external identity provider.
Assumption Methods: Roles can be assumed via:
Console: Temporarily assume roles through the AWS Management Console.
Programmatically: Assume roles using the AWS CLI, AWS Tools for Windows PowerShell, or the API.
IAM Roles with EC2 Instances
Instance Profiles: Used for granting permissions to applications running on EC2 instances.
Single Role Assignment: Only one role can be assigned to an EC2 instance at a time.
Role Assignment Timing: Roles can be assigned at instance creation or any time afterwards.
Credential Retrieval: Applications retrieve temporary security credentials from instance metadata.
Manual Creation: Instance profiles must be created explicitly when using the AWS CLI or API; the console creates one automatically.
Role Delegation
Creating an IAM Role: Involves setting up two policies:
Permissions Policy: Grants the role the necessary permissions on a resource.
Trust Policy: Specifies trusted accounts allowed to assume the role.
Principal Specification: Wildcards (*) cannot be used as a principal.
Permissions Policy for Trusted Account: A permissions policy allowing the role to be assumed must also be attached to the user in the trusted account.
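As an added example (not part of the original notes), the three policy documents described above built in Python, plus a check that the trust policy's principal is not a wildcard. The account IDs, role name and bucket name are constructed placeholders.

```python
import json

# Constructed sample values (not from the page): the account that owns the
# role, the trusted account whose users may assume it, and a bucket name.
TRUSTING_ACCOUNT = "111111111111"
TRUSTED_ACCOUNT = "222222222222"
ROLE_NAME = "ExampleCrossAccountRole"
BUCKET = "example-bucket"

def trust_policy(trusted_account_id):
    """Trust policy: names the trusted account as principal (never '*')."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": "sts:AssumeRole"}]}


def permissions_policy(bucket):
    """Permissions policy attached to the role: what it may do once assumed."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}


def assume_role_policy(trusting_account_id, role_name):
    """Policy for the user in the trusted account: permission to assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": f"arn:aws:iam::{trusting_account_id}:role/{role_name}"}]}


def trust_policy_issues(doc):
    """Return a list of Allow statements whose principal is a wildcard."""
    issues = []
    for i, st in enumerate(doc.get("Statement", [])):
        principal = st.get("Principal")
        # Principal may be "*", {"AWS": "*"} or {"AWS": ["arn...", "*"]}.
        values = [principal] if isinstance(principal, str) else [
            v for vals in (principal or {}).values()
            for v in (vals if isinstance(vals, list) else [vals])]
        if st.get("Effect") == "Allow" and "*" in values:
            issues.append(f"statement {i}: wildcard principal")
    return issues


if __name__ == "__main__":
    print(json.dumps(trust_policy(TRUSTED_ACCOUNT), indent=2))
```

Each document is a plain dict, so it can be passed through json.dumps to the CLI or API as the --assume-role-policy-document or policy body.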