What's the difference between IAM Roles and policies?

+2 votes
What is the difference between IAM Roles and Policies? I know it's probably a stupid doubt but I've recently been introduced to AWS.
Apr 9, 2019 in Cloud Computing by Sonal
12,584 views
Policies are applied to users and groups that belong to a particular AWS account ▫

Roles are applied to users who are generally not a part of your AWS account ▫

Use roles to delegate access to users, applications, and services that do not have access to your AWS resources

2 answers to this question.

0 votes

Hi Sonal, IAM roles define the set of permissions for making AWS service request whereas IAM policies define the permissions that you will require.

Its hard to get confused with these two.

answered Apr 9, 2019 by Abhi
Maybe for you it’s hard to get confused.  But for those of us starting out, it’s as clear as mud.

....IAM policies define the "permissions" that you will require... do you mean "approvals" or "conditions met"?

You can say that. It is basically a user having permissions. IAM roles are like users and policies are like permissions.
0 votes
IAM Roles are defined as a set of permissions that grant access to actions and resources in AWS. An IAM Role can be used by or assumed by IAM User accounts or by services within AWS, and can give access to Users from another account altogether. IAM Roles are similar to wearing different hats in that they temporarily let an IAM User or a service get permissions to do things they would not normally get to do.  These permissions are attached to the Role itself, and are conveyed to anyone or anything that assumes the role. Also, Roles have credentials that can be used to authenticate the Role identity.

You can assign either a pre-built policy or create a custom policy. A policy is something that will be assigned to a role. Admins of the customer environment create an IAM Policy with a constrained set of access, and then assigns that policy to a new Role, specifically assigned to the provider’s Account ID and External ID.  When done, the resulting IAM Role is given a specific Amazon Resource Name (ARN), which is a unique string that identifies the role.
answered Aug 12 by nbavis
• 380 points

Related Questions In Cloud Computing

0 votes
1 answer

What is the difference between cloud computing and distributed computing?

The difference between these two technologies are ...READ MORE

answered Jul 11, 2018 in Cloud Computing by DearestOne
• 200 points
484 views
0 votes
1 answer

What is the difference between cloud computing and distributed computing?

Distributed computing is defined as "A distributed ...READ MORE

answered Jul 24, 2018 in Cloud Computing by Mrunal
• 680 points
219 views
0 votes
1 answer

What is the difference between AWS S3 Bucket Log Vs AWS CloudTrail

Let me give you a few pointers: In ...READ MORE

answered Apr 19, 2018 in Cloud Computing by brat_1
• 7,170 points
573 views
0 votes
1 answer
0 votes
1 answer
+2 votes
3 answers

AWS S3 copy files and folders between two buckets

A simplified example using the aws-sdk gem: AWS.config(:access_key_id ...READ MORE

answered Aug 16, 2018 in Cloud Computing by Priyaj
• 57,680 points
1,880 views
+4 votes
5 answers

How to do parallel uploads to the same s3 bucket directory with s3cmd?

Is your problem is not with the ...READ MORE

answered Oct 11, 2018 in Cloud Computing by findingbugs
• 4,790 points
1,589 views