Role Management Using Identity and Access Management (IAM)

Takes 45 mins

In Amazon Web Services (AWS), we define a set of permissions that control the degree to which a user can make changes within the services. These permissions set boundaries for the user, strictly constraining them to the allowed tasks so that they do not interfere with other services.

An AWS role is a collection of permissions that gives users access to AWS operations and resources. These permissions are associated with the role rather than with an IAM user or a group.

There are three major roles in IAM:

  • Basic roles: These roles include the owner, editor, and viewer roles that exist already.
  • Predefined roles: These roles provide high-level access to a particular service.
  • Custom roles: These roles provide high-level access relative to a user-designed list of permissions.

In this Cloud Lab, you’ll assign custom roles to instances.

Lab Tasks

  • Create a Role
  • Create an EC2 Instance
  • Verify the Policy through the EC2 Instance
  • Clean Up
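
An added example (not part of the lab's own material): a small Python check over the two JSON documents behind a role like the one created in the tasks above, the trust policy that lets EC2 assume it and the permissions policy attached to it. The sample documents, bucket name and account ID are constructed placeholders, and the function names are hypothetical.

```python
EC2 = "ec2.amazonaws.com"

def as_list(v):
    """IAM JSON lets Statement, Action, Resource and Principal values be a scalar or a list."""
    return [] if v is None else v if isinstance(v, list) else [v]

def check_trust(policy, service=EC2):
    """Flag Allow statements that let anything but the expected service assume the role."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            findings.append(f"trust[{i}]: principal {principal!r} is not scoped")
            continue
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "Service" or p != service:
                    findings.append(f"trust[{i}]: unexpected principal {kind}={p}")
    return findings

def check_permissions(policy):
    """Flag Allow statements whose actions or resources are wildcards (prompts for review)."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"perm[{i}]: NotAction/NotResource allows everything not listed")
        for a in as_list(st.get("Action")):
            if a == "*" or a.endswith(":*"):
                findings.append(f"perm[{i}]: wildcard action {a}")
        if "*" in as_list(st.get("Resource")):
            findings.append(f"perm[{i}]: wildcard resource")
    return findings

# Constructed sample documents (bucket name and account ID are placeholders).
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": EC2}, "Action": "sts:AssumeRole"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-lab-bucket/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["s3:*", "ec2:DescribeInstances"], "Resource": "*"}}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(check_trust(OPEN_TRUST), check_permissions(BROAD))
```

Some actions, such as `ec2:DescribeInstances`, only accept `"Resource": "*"`, so a wildcard-resource finding means the statement needs a look, not that it is necessarily wrong.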

Architecture diagram

The following is the high-level architecture diagram of how to manage a role using the AWS IAM service:

[Image: architecture diagram]