Definitions

Definition 1 AWS

A temporary on-demand business role in AWS. Once an identity is granted permission to assume a role, the identity may assume that role by demanding it. It then inherits all of the access permissions linked to it.

Related Terms

• AWS

• AWS Account

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/998277774

• AWS IAM

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/998277805

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/998245125

Quotes

IAM Roles

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard longterm credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account. Or you might want to allow a mobile app to use AWS resources, but not want to embed AWS keys within the app (where they can be difficult to rotate and where users can potentially extract them). Sometimes you want to give AWS access to users who already have identities defined outside of AWS, such as in your corporate directory. Or, you might want to grant access to your account to third parties so that they can perform an audit on your resources.

For these scenarios, you can delegate access to AWS resources using an IAM role.

Bibliography

See Also