IAM Roles for Services

  • Certain AWS services must perform actions on your behalf, requiring permissions granted via IAM Roles.
  • A role is a set of permissions that a service assumes in order to interact with other AWS resources.
  • Common examples include:
    • EC2 Instance Role – Allows an EC2 instance to access AWS services (e.g., S3, DynamoDB) without storing credentials on the instance.
    • Lambda Execution Role – Grants a Lambda function permissions to access resources like S3 buckets, DynamoDB tables, or CloudWatch logs.
    • CloudFormation Service Role – Enables CloudFormation to create, update, or delete AWS resources as defined in templates.
  • Roles improve security by avoiding hardcoded credentials: the service receives temporary credentials from AWS STS, which are rotated automatically.
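The two documents behind every service role are the trust policy (which service principal may call sts:AssumeRole) and the permissions policy (what the role may do once assumed). The following Python is an added example, not part of the original notes and not AWS's own code: it builds both documents for a Lambda execution role and runs two least-privilege checks over them, flagging wildcard actions or resources and any trust statement that would let something other than the expected service assume the role. The account id, region, bucket name and log-group ARN are constructed placeholders, and nothing here calls AWS.

```python
import json

# Constructed placeholder identifiers for this example (not from the notes).
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
BUCKET = "example-app-uploads"
LOG_GROUP_ARN = f"arn:aws:logs:{REGION}:{ACCOUNT_ID}:log-group:/aws/lambda/example-fn:*"


def trust_policy(service_principal: str) -> dict:
    """Trust policy: who may call sts:AssumeRole on this role.

    For a service role the principal is the AWS service itself (for example
    lambda.amazonaws.com, ec2.amazonaws.com, cloudformation.amazonaws.com).
    STS then issues the service short-lived credentials for the role.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": service_principal},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def lambda_permissions_policy() -> dict:
    """Permissions policy scoped to one bucket prefix and one log group."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadUploads",
                "Effect": "Allow",
                "Action": ["s3:GetObject"],
                "Resource": f"arn:aws:s3:::{BUCKET}/uploads/*",
            },
            {
                "Sid": "WriteLogs",
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                "Resource": LOG_GROUP_ARN,
            },
        ],
    }


def _as_list(value) -> list:
    """IAM accepts either a string or a list in Action/Resource/Principal fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def permission_findings(policy: dict) -> list[str]:
    """Flag Allow statements with a wildcard action ("*" or "svc:*") or a wildcard resource."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"{sid}: wildcard resource")
    return findings


def trust_findings(policy: dict, expected_service: str) -> list[str]:
    """Flag trust statements that let anything but the expected service assume the role."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("role assumable by any principal")
            continue
        if "*" in _as_list(principal.get("AWS")):
            findings.append("role assumable by any AWS principal")
        for svc in _as_list(principal.get("Service")):
            if svc != expected_service:
                findings.append(f"unexpected service principal {svc}")
    return findings


def render(policy: dict) -> str:
    """JSON text as passed to `aws iam create-role --assume-role-policy-document`
    or `aws iam put-role-policy --policy-document`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    trust = trust_policy("lambda.amazonaws.com")
    perms = lambda_permissions_policy()
    print(render(trust))
    print(render(perms))
    print("trust findings:", trust_findings(trust, "lambda.amazonaws.com"))
    print("permission findings:", permission_findings(perms))
```

Running the script prints both documents with no findings; swapping the permissions policy for one with `"Action": "*", "Resource": "*"`, or the trust policy for one with `"Principal": {"AWS": "*"}`, produces findings, which is the check worth running before attaching any policy to an EC2, Lambda or CloudFormation role.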