05. IAM Roles for Services
Some AWS services need to perform actions on your behalf. To grant these permissions securely, AWS uses IAM Roles.
What is an IAM Role?
- An IAM Role is similar to a user, but it does not have long-term credentials.
- Services or applications assume the role to get temporary permissions.
- Roles allow AWS services to perform actions securely without sharing your credentials.
Common Service Roles
| Service | Role Example | Purpose |
|---|---|---|
| EC2 | EC2 Instance Role | Allows EC2 instances to access S3, DynamoDB, or other services, or even to have AWS read access |
| Lambda | Lambda Function Role | Grants Lambda functions permissions to interact with other AWS resources |
| CloudFormation | CloudFormation Execution Role | Allows CloudFormation to create and manage resources on your behalf |
How Roles Work
- Create an IAM Role with the required permissions.
- Assign the role to the AWS service (EC2 instance, Lambda function, etc.).
- The service assumes the role and receives temporary credentials.
- Actions performed by the service are logged and controlled by the role's policies.
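
A role created in these steps carries two policy documents: a trust policy naming the service that may assume it, and a permissions policy. The Python below is an added example, not part of the original page; it builds the trust policy for the services in the table and flags over-broad policies. The function names, sample policies and bucket name are constructed for illustration.

```python
# Service principals for the three services in the table above.
SERVICE_PRINCIPALS = {
    "EC2": "ec2.amazonaws.com",
    "Lambda": "lambda.amazonaws.com",
    "CloudFormation": "cloudformation.amazonaws.com",
}

def trust_policy(service):
    """Trust policy that lets only the named AWS service assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SERVICE_PRINCIPALS[service]},
        "Action": "sts:AssumeRole",
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy):
    return [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]

def audit_role(trust, permissions):
    """Return findings for an over-broad trust or permissions policy."""
    findings = []
    for stmt in _allows(trust):
        principal = stmt.get("Principal", {})
        if principal == "*" or "*" in _as_list(principal.get("AWS", [])):
            findings.append("trust: any principal can assume the role")
        elif "Service" not in principal:
            findings.append("trust: principal is not an AWS service")
    for stmt in _allows(permissions):
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append("permissions: wildcard action")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append("permissions: wildcard resource")
    return findings

# Constructed sample policies; the bucket name is a placeholder.
S3_READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    print(trust_policy("EC2"))
    print(audit_role(trust_policy("EC2"), S3_READ_ONLY))   # scoped role: no findings
    print(audit_role(trust_policy("Lambda"), TOO_BROAD))   # wildcard permissions flagged
```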