If an AWS IAM Policy is directly assigned to an AWS User rather than to an AWS Role, then what's the use of the AWS Role?
1 Answer
0
An AWS IAM Policy can be used to grant permission to an IAM user to access AWS services and resources; however, it can't be used on AWS resources such as an EC2 instance directly. For example, if you need your EC2 instance to be able to access S3, you will need to create a role with full S3 access.
Note: IAM Roles manage who has access to your AWS resources, whereas IAM policies control their permissions. A Role with no Policy attached to it won't have access to any AWS resources.

Adrian Mole