AWS Security Academy · Lesson

What an IAM Role Really Is

Learn how roles grant temporary permissions without fixed keys.

Roles vs Users

An IAM role is an identity you can assume to receive a set of permissions, but unlike a user it has no permanent credentials. Instead, when an entity assumes a role, AWS issues temporary security credentials that expire after a set time. Roles are the secure, modern way to grant access on AWS and appear throughout the SCS-C02 exam.

What Makes a Role

Every role has two policy parts:

  • A trust policy (also called the assume-role policy) that says who is allowed to assume the role.
  • One or more permission policies that say what the role can do once assumed.

This separation is the heart of how roles enable secure delegation: you decide who may borrow the identity and, separately, what that identity may do.
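
An added illustration, not part of the lesson: the Python below reads a constructed trust policy and a constructed permission policy and answers the two questions separately. The account ID, role name and bucket name are placeholders, and the code ignores Condition, Deny and NotPrincipal elements, so it is a review aid rather than a reimplementation of IAM policy evaluation.

```python
# Constructed sample documents (not from the lesson); the account ID,
# role name and bucket name are placeholders.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-deployer"},
        "Action": "sts:AssumeRole",
    }],
}
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-artifacts",
                     "arn:aws:s3:::example-artifacts/*"],
    }],
}

def _as_list(value):
    """IAM accepts either a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _allows_assume(action):
    """True if the action string covers an sts:AssumeRole* call."""
    a = action.lower()
    return a in ("*", "sts:*") or a.startswith("sts:assumerole")

def who_can_assume(trust_policy):
    """(principal_type, principal) pairs the trust policy lets assume the role."""
    allowed = []
    for stmt in _as_list(trust_policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(map(_allows_assume, actions)):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard means any principal
            principal = {"*": "*"}
        for ptype, values in principal.items():
            allowed += [(ptype, v) for v in _as_list(values)]
    return allowed

def what_it_can_do(permission_policy):
    """(action, resource) pairs granted once the role has been assumed."""
    grants = []
    for stmt in _as_list(permission_policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            grants += [(a, r) for a in _as_list(stmt.get("Action", []))
                       for r in _as_list(stmt.get("Resource", []))]
    return grants

def overly_broad(trust_policy):
    """Trust entries that let any principal assume the role."""
    return [p for p in who_can_assume(trust_policy) if p[1] == "*"]
```

Running `overly_broad` over every role's trust policy is a quick way to find roles whose "who" side is wider than intended, independent of how narrow their permission policies are.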
