• An IAM role is an IAM entity that defines a set of permissions for making AWS service requests.
• IAM roles are not associated with a specific user or group.
• IAM roles are used when one AWS service needs to communicate with another service.
• IAM roles provide temporary credentials and aren't associated with a specific person or thing.
• A role doesn't have standard long-term credentials, such as a password or access keys, associated with it.
• A role is assumed by calling the AWS Security Token Service (STS) AssumeRole APIs; these APIs return a set of temporary security credentials that applications then use to sign requests to AWS service APIs.
• IAM roles are free of charge.
• You can create up to 1000 IAM roles in an AWS account. If you need more roles, submit the IAM limit increase request form with your use case.
IAM roles are used in three common ways:
1. AWS service roles (for example: EC2, Lambda, Redshift, CloudFormation, etc.).
2. Cross-account access: granting permissions to users from another AWS account, whether you control that account or not.
3. Identity provider access: granting permissions to users authenticated by a trusted external system. AWS supports two kinds of identity federation:
   • Web identity, such as Facebook or Google; IAM supports integration via OpenID Connect.
   • SAML 2.0 identity, such as Active Directory or LDAP.
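What decides who can assume a role in each of those three cases is the role's trust policy. The following is an added example, not code from the original post: it builds the trust policy for a service role, a cross-account role, an OpenID Connect (web identity) role and a SAML 2.0 role, and then audits a policy for the weaknesses a reviewer looks for before the role is created (a wildcard principal, a cross-account trust with no `sts:ExternalId` condition, a web identity trust with no audience/subject condition). The account IDs, provider ARNs, external ID and client ID are constructed placeholders, and `audit_trust_policy` and its finding strings are this example's own names, not an AWS API.

```python
"""Build and audit IAM role trust policies for service, cross-account and federated roles.

All account IDs, provider ARNs, external IDs and client IDs below are constructed
placeholders for illustration, not real AWS resources.
"""
import json
from typing import Dict, List, Optional

POLICY_VERSION = "2012-10-17"

# Finding messages returned by audit_trust_policy() (names chosen for this example).
WILDCARD_PRINCIPAL = "wildcard principal: any AWS identity could assume this role"
MISSING_EXTERNAL_ID = "cross-account trust without an sts:ExternalId condition (confused deputy risk)"
MISSING_AUDIENCE = "web identity trust without an aud/sub condition: any token from the provider is accepted"


def _policy(statement: Dict) -> Dict:
    return {"Version": POLICY_VERSION, "Statement": [statement]}


def service_role_trust_policy(service_principal: str) -> Dict:
    """Use case 1: let an AWS service such as ec2.amazonaws.com assume the role."""
    return _policy({
        "Effect": "Allow",
        "Principal": {"Service": service_principal},
        "Action": "sts:AssumeRole",
    })


def cross_account_trust_policy(account_id: str, external_id: Optional[str] = None) -> Dict:
    """Use case 2: trust another AWS account; external_id is the value a third party must present."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return _policy(statement)


def web_identity_trust_policy(provider_arn: str, audience: str) -> Dict:
    """Use case 3a: OpenID Connect federation, pinned to one client ID (audience)."""
    issuer = provider_arn.split("oidc-provider/", 1)[1]  # e.g. accounts.google.com
    return _policy({
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {f"{issuer}:aud": audience}},
    })


def saml_trust_policy(provider_arn: str) -> Dict:
    """Use case 3b: SAML 2.0 federation (e.g. Active Directory behind a SAML IdP)."""
    return _policy({
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}},
    })


def _condition_keys(condition: Dict) -> List[str]:
    """Flatten {"StringEquals": {"key": value}, ...} into the list of condition keys used."""
    return [key for operator in condition.values() for key in operator]


def audit_trust_policy(policy: Dict) -> List[str]:
    """Return the trust-policy weaknesses a reviewer would flag before creating the role."""
    findings: List[str] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        keys = _condition_keys(stmt.get("Condition", {}))

        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(WILDCARD_PRINCIPAL)
        aws_principal = principal.get("AWS", "") if isinstance(principal, dict) else ""
        if (isinstance(aws_principal, str) and aws_principal.endswith(":root")
                and "sts:ExternalId" not in keys):
            findings.append(MISSING_EXTERNAL_ID)
        if ("sts:AssumeRoleWithWebIdentity" in actions
                and not any(k.endswith(":aud") or k.endswith(":sub") for k in keys)):
            findings.append(MISSING_AUDIENCE)
    return findings


if __name__ == "__main__":
    examples = {  # constructed placeholder values
        "ec2-service-role": service_role_trust_policy("ec2.amazonaws.com"),
        "cross-account-no-external-id": cross_account_trust_policy("111122223333"),
        "cross-account-with-external-id": cross_account_trust_policy("111122223333", "example-ext-id"),
        "google-oidc": web_identity_trust_policy(
            "arn:aws:iam::444455556666:oidc-provider/accounts.google.com", "example-client-id"),
    }
    for name, policy in examples.items():
        print(name, "->", audit_trust_policy(policy) or "no findings")
        print(json.dumps(policy, indent=2))
```

The trust policy only says who may call AssumeRole; what the temporary credentials can do is governed separately by the permission policies attached to the role, so both halves need review. The `sts:ExternalId` check matters most when the trusted account belongs to a vendor, since without it any customer of that vendor could ask the vendor to assume your role on their behalf.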
