Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
IAM Roles
3.
Roles Terms and Concepts
4.
IAM Roles Use Cases
5.
Some Cases of Roles
6.
Create an IAM Roles
7.
Frequently Asked Questions
7.1.
What do you mean by IAM?
7.2.
What are the primary elements in AWS IAM identity management?
7.3.
What is the IAM Roles in AWS?
7.4.
What are different IAM Roles?
8.
Conclusion
Last Updated: Mar 27, 2024

AWS IAM Roles

Author Aniket Majhi
0 upvote
Master Python: Predicting weather forecasts
Speaker
Ashwin Goyal
Product Manager @

Introduction

Welcome readers! We hope that you are doing well.

In today’s computing world Cloud Computing is a consistent and reliable strategy. It is presently widely popular in the industry and is further being adopted by other firms. AWS is one of the best and most popular platforms for cloud computing. 

In this article, we will be discussing the AWS IAM Roles.

This blog will give you a detailed explanation of the AWS IAM Roles in-depth, which will help you to extend your knowledge about AWS IAM roles.

So, without further ado, let’s start the topic.

IAM Roles

IAM stands for Identity and Access ManagementAWS IAM is a service that offers secure access control mechanisms for all of your AWS services and, in some cases, resources. It is the heart of security. 

An IAM role is similar to an IAM user. An IAM identity with permission policies determines what an identity can or cannot do in AWS, but the role does not have any credentials like the password or access keys. Instead, it provides you with temporary security credentials for your role session. The role is intended to be assumable by anyone who needs it instead of being uniquely associated with one person. An IAM user can temporarily assume a role to take on different permissions for a specific task.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Roles Terms and Concepts

These are the following terms and concepts of a role:

  • Role:  It is an IAM identity that you can create in your account with specific permissions.
     
  • AWS service role: A service assumes a role in performing actions in your account on your behalf.
     
  • AWS service role for an EC2 instance: It is a special service role that an application running on an Amazon EC2 instance can assume to perform actions in your account.
     
  • AWS service-linked role:  It is a unique service role linked directly to an AWS service. It includes all the permissions that the service requires to call other AWS services on your behalf.
     
  • Role chaining:  You use a role to assume a second role through the AWS CLI or API. It is known as role chaining.
     
  • Delegation:  The delegation is the granting permissions to someone to allow access to resources you control. It involves setting up a trust between two accounts.
     
  • Federation: The Federation is the creation of a trusting relationship between an external identity provider and AWS. Users can sign up via external web identity providers like Amazon, Google, and Facebook.
     
  • Federated user: The federated users are the existing identities from AWS Directory Service, your enterprise user directory, or a web identity provider.
     
  • Trust Policy:  It is a JSON policy document to define who can use the roles.
     
  • Permissions policy: A permission policy is a permissions document in JSON format that defines what actions and resources the role can use.
     
  • Permissions boundary: Permissions boundary is an advanced feature in roles. It uses the permission role to limit the maximum permissions that an identity-based policy can grant.
     
  • Principle: It is an entity in AWS that can perform actions and access resources. It can be an AWS account root user, an IAM user or a role.
     
  • Role for cross-account access: It is a role that grants access to resources in one account to a trusted principal in a different account.

IAM Roles Use Cases

There are two ways by which we can use the roles.

  • IAM Console: While working in the IAM Console, if IAM users want to use the role, they can temporarily access its permission by giving up their original role permission.
    The original permission are restored when IAM users exit the role.
     
  • Programmatic Access: An AWS Service can use role by requesting security credentials temporarily using the programmatic requests to the AWS.
     

We can also use the IAM Roles in the following ways,

  • IAM Users
     
  • Applications and Services
     
  • Federated Users

Some Cases of Roles

Following are some cases of the role:

  1. It provides access to an AWS Service.
     
  2. It is used to switch to a role as an IAM user in one AWS account to access another account that you own.
     
  3. It provides access to the third party. When third parties want to access the AWS resources, they can use roles to delegate access to them without sharing security credentials.
     
  4. It provides access to externally authenticated users. Like,
  • Web-Identity federation: Users do not require custom sign-in or user identities. Users can use any external identity provider like Amazon, Google, Facebook etc. 
     
  • SAML: SAML stands for Security Assertion Markup languageSAML Based federation is an open framework that many identity providers use. It provides single sign-in to access the AWS Management console.

Create an IAM Roles

  • Log in to the AWS Management Console by clicking on  https://console.aws.amazon.com/iam/.
     
  • Choose Roles and then choose Create role in the console's navigation pane.
     
  • Select  AWS account role type.
     
  • If you want to create a role for your account, choose This account. Otherwise, choose Another AWS account.
     
  • If you have chosen Another AWS account, enter the Account ID you want to grant access to. If you are giving permissions to users from an account that you do not control, select Require external ID. Suppose you want to restrict the role to users who sign in with multi-factor authentication (MFA), select Require MFA. 
     
  • Choose Next.
     
  • Select Create policy to create a new policy from scratch. 
     
  •  After creating the policy, select the check box next to the permissions policies you want anyone who assumes the role to have. 
     
  • Set a permissions boundary.
     
  • Open the Set permissions boundary section and choose Use a permissions boundary to control the maximum role permissions and select the policy to use for the permissions boundary.
     
  • Choose Next.
     
  • For choosing a role name, enter a name for your role. 
     
  • Enter a description for the new role.
     
  • Choose Edit in Step 1: Select trusted entities, and Step 2: Add permissions sections to edit the use cases and permissions for the role.
     
  • Add metadata to the role by attaching tags as key-value pairs.
     
  • Choose to Create role.

Frequently Asked Questions

What do you mean by IAM?

IAM stands for Identity and Access Management. AWS IAM is a service that offers secure access control mechanisms for all of your AWS services and, in some cases, resources. It is the heart of security.
 

What are the primary elements in AWS IAM identity management?

The AWS IAM identity management consists of:

  • Users
  • Groups
  • Roles
  • Policy
     

What is the IAM Roles in AWS?

AWS Identity and Access Management (IAM) roles provide a way to access AWS by relying on temporary security credentials.
 

What are different IAM Roles?

There are three different IAM Roles:

  • Basic roles
  • Predefined roles.
  • Custom roles.

Conclusion

In this article, we have extensively discussed the AWS IAM Roles.

We started with the basic introduction, and then we discussed

  • What is the IAM Roles
  • Roles Terms and Conditions
  • IAM Roles Use cases
  • Some Cases of Roles
  • How to create the IAM Role 
     

We hope that this blog has helped you enhance your knowledge regarding AWS IAM Roles and if you would like to learn more, check out our articles on AWS Data Science Certification and AWS Interview Questions. Do upvote our blog to help other ninjas grow.

Head over to our practice platform Coding Ninjas Studio to practice top problems, attempt mock tests, read interview experiences, follow our guided paths, and crack product based companies Interview Bundle.

Happy Reading!

Previous article
AWS Identity and Access Management (IAM) Fundamentals
Next article
Security & Compliance Concept in AWS
Live masterclass