With IAM roles, enterprises can establish trust relationships between the trusting account and other AWS trusted accounts.

FREMONT, CA: An IAM role is an IAM identity that enterprises can create in their account and that has specific permissions. Roles and users are both AWS identities with permissions policies that decide what the identity can and cannot do in AWS. However, instead of being associated with one person, a role is intended to be assumable by anyone who requires it. Also, a role does not have long-term credentials, such as a password or access keys, associated with it. Instead, when enterprises assume a role, they receive temporary security credentials for the role session.

When an AWS service requires access to other AWS services or functions, firms can create a role that will give that access. This application is commonly referred to as a cross-account role pattern. It enables human or machine IAM principals from other AWS accounts to assume this role and act on this account's resources. An IAM role's makeup is the same as an IAM user's, but it is differentiated by certain qualities.

An IAM role will not have long-term credentials associated with it; rather, a principal assumes the IAM role and inherits the permissions associated with that role. The tokens issued when a principal assumes an IAM role are temporary. Their expiration lessens the risks related to credentials leaking and being reused. An IAM role will have a trust policy that defines which conditions must be met to let other principals assume it. This trust policy mitigates the risks associated with privilege escalation.
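
The following Python example, added here and not part of the original article, reads a role's trust policy and flags Allow statements that trust a wildcard principal or a principal in another account with no Condition attached. The account IDs, the ExternalId value, the role name and the function names are constructed for illustration.

```python
import json

# Constructed sample trust policy; account IDs and names are placeholders.
TRUSTING_ACCOUNT = "111111111111"
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::333333333333:role/ci-deployer"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "*"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "lambda.amazonaws.com"}}
  ]
}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Return the 12-digit account ID from an ARN or bare account ID, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(policy, trusting_account):
    """Return (statement_index, principal, finding) for Allow statements to review."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" is shorthand for every principal.
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        has_condition = bool(stmt.get("Condition"))
        for p in aws:
            if p == "*":
                findings.append((idx, p, "wildcard principal"))
            elif account_of(p) != trusting_account and not has_condition:
                findings.append((idx, p, "cross-account trust without Condition"))
    return findings
```

Service principals and same-account principals are not flagged by this check; it only looks at who is trusted and whether a Condition exists, not at whether the Condition itself is adequate.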

A permissions boundary is an innovative feature that uses a managed policy to set the maximum permissions that an identity-based policy can give to an IAM entity. An entity's permissions boundary lets it perform only the actions enabled by both its identity-based permission policies and its permissions boundaries. IAM policies that might well be frugal in their use of policy language might also be complex for other IAM administrators to read, interpret, and update in the future. Keeping the trust policies simple helps to develop IAM relationships everyone understands and can manage and use effectively.
