IAM Role

An IAM Role is a feature that enhances security on AWS. An IAM Role can be temporarily assigned to IAM Users and AWS resources, either inside or outside your account. When an IAM User assumes an IAM Role, that IAM User temporarily acquires the permissions of that IAM Role. Use an IAM Role when you want to give an IAM User or AWS resource short-term access.

For an IAM User to assume an IAM Role, the IAM Role itself must allow that User in its trust policy.
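A check of the trust relationship described above, as an added example that is not part of the original page: it reads a role's trust policy and reports whether a given IAM User is trusted to assume the role. The account ID, user names and policy document are constructed, and the function names are hypothetical; Condition blocks and Deny statements are not evaluated.

```python
# Added example: who does a role's trust policy allow to assume it?
# Simplified on purpose: Condition blocks, Deny statements and action
# wildcards such as "sts:Assume*" are not evaluated.
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trusted_aws_principals(trust_policy):
    """AWS principals that Allow statements let call sts:AssumeRole."""
    trusted = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            trusted.add("*")
        elif isinstance(principal, dict):
            trusted.update(_as_list(principal.get("AWS", [])))
    return trusted

def trust_level(trust_policy, user_arn):
    """'direct': the user is named; 'account': only the user's account is
    trusted, so the user's own policies must also allow sts:AssumeRole;
    'wildcard': any principal is trusted; 'none': the user is not trusted."""
    account_id = user_arn.split(":")[4]
    trusted = trusted_aws_principals(trust_policy)
    if user_arn in trusted:
        return "direct"
    if "*" in trusted:
        return "wildcard"
    if trusted & {account_id, f"arn:aws:iam::{account_id}:root"}:
        return "account"
    return "none"

# Constructed sample data (placeholder account ID and user names).
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
ROLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ALICE},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    for arn in (ALICE, BOB):
        print(arn, "->", trust_level(ROLE_TRUST_POLICY, arn))
```

A result of `wildcard` or `account` on a role with sensitive permissions is worth reviewing, since the trust policy alone does not limit the role to one named user.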

An important feature is that the IAM Role has no credentials, so you won’t be able to log into your AWS account directly using the IAM Role.

One security practice is to restrict granting permissions that directly affect the system to the IAM User itself. The IAM User then has to switch roles to perform important tasks.