AWS IAM Role

Nivas DevSecOps
2 min read · Aug 15, 2024


  • An IAM role is an IAM entity that defines a set of permissions for making AWS service requests.
  • IAM roles are not associated with a specific user or group.
  • IAM roles are used when one AWS service needs to communicate with another service.
  • IAM roles provide temporary credentials and aren’t associated with a specific person or thing.
  • A role doesn’t have standard long-term credentials, such as a password or access keys, associated with it.
  • A role is used by calling the AWS Security Token Service (STS) AssumeRole APIs; these APIs return a set of temporary security credentials (access key ID, secret access key, session token and an expiry) that applications can then use to sign requests to AWS service APIs.
  • IAM roles are free of charge.
  • We can create 1000 IAM roles under an AWS account. If you need more roles, submit the IAM limit increase request form with your use case.

AWS supports 3 role types for different scenarios:

  1. AWS service roles (for example: EC2, Lambda, Redshift, CloudFormation etc.), where the trusted principal is the service itself.
  2. Cross-Account Access: granting permissions to users from other AWS accounts, whether you control those accounts or not.
  3. Identity Provider Access: granting permissions to users authenticated by a trusted external system. AWS supports two kinds of identity federation:
     — Web-based identity such as Facebook or Google; IAM supports integration via OpenID Connect.
     — SAML 2.0 identity such as Active Directory or LDAP.
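The following is an added example, not code from the original post. It builds a trust policy for each of the three role types listed above (service role, cross-account role with an ExternalId, and OpenID Connect federation), lints a trust policy for the mistakes that most often turn a role into an unintended entry point (wildcard principal, cross-account trust without ExternalId, federated trust without an audience/subject condition), and shows the STS AssumeRole call that exchanges a role for the temporary credentials described earlier. The account ID, ExternalId, OIDC provider and role names are constructed placeholders; the `assume_role_credentials` function needs boto3 and real AWS credentials and is not exercised offline.

```python
"""Trust policies for the three IAM role types, a small trust-policy linter,
and the STS AssumeRole exchange. Added example; all identifiers are placeholders."""
import json
from typing import Optional

# Constructed sample values (hypothetical); replace with your own.
TRUSTED_ACCOUNT = "111111111111"
EXTERNAL_ID = "example-external-id-42"


def service_role_trust(service: str) -> dict:
    """Trust policy for an AWS service role, e.g. service='ec2' or 'lambda'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": f"{service}.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def cross_account_trust(account_id: str, external_id: Optional[str] = None) -> dict:
    """Trust policy letting principals in another account assume the role.
    The sts:ExternalId condition is what prevents a third party that holds
    the role ARN from being tricked into assuming it on someone else's behalf
    (the 'confused deputy' problem)."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def oidc_federation_trust(account_id: str, provider: str, audience: str, subject: str) -> dict:
    """Trust policy for web-identity (OpenID Connect) federation, scoped to one
    audience and one subject claim so not every token from the provider qualifies."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{provider}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{provider}:aud": audience,
                f"{provider}:sub": subject,
            }},
        }],
    }


def lint_trust_policy(policy: dict) -> list:
    """Return a list of findings for common trust-policy weaknesses."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("wildcard principal: any AWS account can assume this role")
            continue
        aws_principal = principal.get("AWS", "")
        if isinstance(aws_principal, str) and aws_principal.endswith(":root"):
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if "sts:ExternalId" not in cond:
                findings.append("cross-account trust without sts:ExternalId condition")
        if "Federated" in principal and "Condition" not in stmt:
            findings.append("federated trust without aud/sub condition")
    return findings


def assume_role_credentials(role_arn: str, session_name: str, external_id: Optional[str] = None) -> dict:
    """Exchange a role for temporary credentials via STS AssumeRole.
    Requires boto3 and AWS credentials; imported lazily so the rest runs offline."""
    import boto3
    sts = boto3.client("sts")
    kwargs = {"RoleArn": role_arn, "RoleSessionName": session_name}
    if external_id:
        kwargs["ExternalId"] = external_id
    # Returned dict holds AccessKeyId, SecretAccessKey, SessionToken, Expiration.
    return sts.assume_role(**kwargs)["Credentials"]


if __name__ == "__main__":
    weak = cross_account_trust(TRUSTED_ACCOUNT)
    strong = cross_account_trust(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(strong, indent=2))
    print("weak findings:", lint_trust_policy(weak))
    print("strong findings:", lint_trust_policy(strong))
```

The linter only inspects the trust policy; the permissions policy attached to the role still decides what the temporary credentials can do, so review both before handing a role ARN to another account or an identity provider.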
