
IAM Role

An IAM role is an IAM identity similar to a user, but it is used to grant temporary permissions.

  • Associated with permissions policies - inline, managed
  • Assumed by other principals.
  • An IAM role can have more than one policy attached to it.
  • A unique policy is attached to the role, i.e., the Role Trust Policy.

Role Trust Policy

  • It has a Principal element. It is similar to a resource-based policy, but the Principal element is the section that determines which entities can assume the role and take on its permissions.

![AWS_Security_Roles_1]

  • It has different elements such as Effect, Action, Condition and Resource (optional), etc.
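
As an added example (not part of the original page), this Python sketch walks a role trust policy and reports who its Principal element allows to assume the role, flagging wildcard and whole-account principals. The policy, the account ID 111122223333, the user name alice, and the function names and finding labels are all constructed for illustration.

```python
import json

# Constructed sample trust policy; the account ID and user name are placeholders.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
     "Action": "sts:AssumeRole",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}
  ]
}
""")

def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy):
    """Return (statement index, principal, finding) for every Allow principal."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant the ability to assume the role
        principal = stmt.get("Principal", {})
        # Principal is either the bare string "*" or a map of type -> value(s).
        if principal == "*":
            entries = [("*", "*")]
        else:
            entries = [(t, v) for t, vals in principal.items() for v in as_list(vals)]
        conditioned = bool(stmt.get("Condition"))
        for ptype, value in entries:
            if value == "*":
                finding = "wildcard-conditioned" if conditioned else "wildcard-unrestricted"
            elif ptype == "AWS" and (value.endswith(":root") or value.isdigit()):
                finding = "whole-account"  # any permitted identity in that account
            else:
                finding = "specific-principal"
            findings.append((index, value, finding))
    return findings

if __name__ == "__main__":
    for index, value, finding in review_trust_policy(TRUST_POLICY):
        print(f"statement {index}: {value} -> {finding}")
```

Statements reported as wildcard-unrestricted or whole-account are the ones to review first, since the trust policy alone does not narrow who can assume the role.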

Demo: Generate Temporary Credentials (CLI)

Let's take a scenario where I want to give someone access to my account for an hour only. To do so, we are going to generate temporary credentials.

Go to the CLI and run the following command:

$ aws sts get-session-token --duration-seconds 3600
Output
{
    "Credentials": {
        "AccessKeyId": "AS****EPMD",
        "SecretAccessKey": "iwpzbnP****o3AK4SeYfr1LSRg",
        "SessionToken": "IQo****mdm1g==",
        "Expiration": "2024-10-21T18:45:54+00:00"
    }
}

To generate a session using STS, one must have permission to do so. If you're using AWS CloudShell, it won't work because it doesn't have that permission.