IAM Role

An IAM role is an identity with permissions assumed by users or services for temporary access.

Updated: 2026-03-05

Definition

An IAM role defines a set of permissions that can be assumed by a principal (user, service, workload) without sharing long-lived credentials.

Roles are preferred for applications because they support temporary credentials and better security.

Key points

Temporary credentials (safer than long-lived keys)
Use for workloads/services
Can be assumed cross-account

Common mistakes

Using access keys in code instead of roles.
Over-permissioned roles used by many services.

Related exams

AWS Certified Solutions Architect – Associate (SAA-C03)

Free SAA-C03 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.