
IAM Role

An IAM role is an IAM identity similar to a user, but it is used to grant temporary permissions.

  • Associated with permissions policies (inline or managed).
  • Assumed by other principals.
  • An IAM role can have more than one policy attached to it.
  • A unique policy is attached to every role: the role trust policy.

Role Trust Policy

  • It has a Principal element. It is similar to a resource-based policy, but the Principal element is the section that determines which entities can assume the role and take on its permissions.

![AWS_Security_Roles_1]

  • It has different elements such as Effect, Action, Condition and Resource (optional), etc.
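
The following is an added example, not part of the original page: a constructed trust policy using the elements listed above, with a small Python check that lists which principals may assume the role and flags wildcard principals that have no Condition. The account ID, external ID and function names are illustrative assumptions.

```python
import json

# Constructed sample trust policy; the account ID and external ID are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
  {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
   "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}
]}
""")


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trusted_principals(policy):
    """Return one (type, principal, has_condition) tuple per principal in Allow statements."""
    rows = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare "*" means every principal
            principal = {"*": "*"}
        has_condition = bool(stmt.get("Condition"))
        for ptype, values in principal.items():
            for value in as_list(values):
                rows.append((ptype, value, has_condition))
    return rows


def wildcard_findings(policy):
    """Flag wildcard principals that are trusted with no Condition to narrow them."""
    return [f"{ptype} principal {value!r} is trusted without a Condition"
            for ptype, value, has_condition in trusted_principals(policy)
            if value == "*" and not has_condition]


if __name__ == "__main__":
    for row in trusted_principals(SAMPLE_TRUST_POLICY):
        print(row)
    for finding in wildcard_findings(SAMPLE_TRUST_POLICY):
        print("FINDING:", finding)
```
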

Demo: Generate Temporary Credentials (CLI)

Let’s take a scenario where I want to give someone access to my account for one hour only. To do so, we are going to generate temporary credentials.

Go to the CLI and run the following command:

$ aws sts get-session-token --duration-seconds 3600

Output:

{
  "Credentials": {
    "AccessKeyId": "AS****EPMD",
    "SecretAccessKey": "iwpzbnP****o3AK4SeYfr1LSRg",
    "SessionToken": "IQo****mdm1g==",
    "Expiration": "2024-10-21T18:45:54+00:00"
  }
}

To generate the session using STS, one must have permission to do so. If you’re using AWS CloudShell, it won’t work because it doesn’t have that permission.
