- 最新
- 投票最多
- 评论最多
An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. However, a role does not have any credentials (password or access keys) associated with it.
IAM Policies determine what actions a user, role, or member of a user group can perform, on which AWS resources, and under what conditions.
For more information regarding IAM Identities, I recommend you to take a look to the following documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
You attach IAM policies (which contain a set of permissions) to an IAM Role. Therefore, a single IAM roles can have multiple IAM policies in it. Lastly, a user can "assume" an IAM Role, meaning it will inherit automatically the policy or policies attached to that Role.
IAM Role in AWS is a type of IAM identity that can be authorised to access an AWS resource, whereas an IAM policy defines the permissions of the IAM identity. An IAM Role with no IAM Policy attached to it, won’t have to access any AWS resources. An IAM Policy that is not attached to an IAM Role is of no use. Permissions listed in an IAM policy are only enforced when that policy is attached to an IAM Role identity.
For more information on IAM roles and policies, please refer the following documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
