Table of Contents
What are the main differences between an IAM user and an IAM role in AWS?
An IAM user has permanent long-term credentials and is used to directly interact with AWS services. An IAM role does not have any credentials and cannot make direct requests to AWS services. IAM roles are meant to be assumed by authorized entities, such as IAM users, applications, or an AWS service such as EC2.
What is an IAM service role?
An AWS Identity and Access Management (IAM) role is similar to a user, in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. A service role is a role that an AWS service assumes to perform actions on your behalf.
What is AWS service-linked?
Service-linked roles provide a secure way to delegate permissions to AWS services because only the linked service can assume a service-linked role. Additionally, AWS automatically defines and sets the permissions of service-linked roles, depending on the actions that the linked service performs on your behalf.
Can an IAM role assume another role?
To allow an IAM Role to assume another Role, we need to modify the trust relationship of the role that is to be assumed. This process varies depending if the roles exist within the same account or if they’re in separate accounts.
What are different ways to access AWS services?
How to Access the AWS Management Console Using AWS Microsoft AD and Your On-Premises Credentials
- Background.
- Prerequisites.
- Solution overview.
- Step 1 – Create an access URL.
- Step 2 – Enable AWS Management Console access.
- Step 3 – Assign on-premises users and groups to IAM roles.
- Step 4 – Connect to the AWS Management Console.
What is user role and policy in AWS?
A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied.
What is service role?
A role that a service assumes to perform actions on your behalf is called a service role. When a role serves a specialized purpose for a service, it is categorized as a service role for EC2 instances (for example), or a service-linked role.
What is service principal AWS?
Principal. A principal is a person or application that can make a request for an action or operation on an AWS resource. The principal is authenticated as the AWS account root user or an IAM entity to make requests to AWS. As a best practice, do not use your root user credentials for your daily work.
What is an AWS service principal?
How do you assume an AWS role from another AWS role?
Navigate to IAM > Roles and click on Create New Role. Select Another AWS account, and provide Account ID, and click on Next:Permissions. Enter the AWS account ID of the AWS account which can assume this role.