AWS IAM

Groups vs Users vs Roles vs Policies

Groups vs Users

[Diagram: users and groups shown on the slide: Dave, MIT, CDE, Devs, Alice, Sarah, Bob]

Policies

A policy defines the permissions attached to an identity (user, group, role) or to a resource.

Roles

Users/Groups are about identity. Roles are about temporary activity/rights.

Role caveats

  • A user can assume a role
  • But a group cannot assume a role
  • To let the members of a group assume a role, we need policies (attached to the group) that allow it
  • Why is it so complicated? Why do we need roles when we have policies?
  • Because CTM has many accounts (main, prod, non-prod). To take action across accounts, we need roles.
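As an added example (not part of the original slides), here are the two policy documents that put the caveats above into practice: an identity policy attached to a group that lets its members call sts:AssumeRole, and the trust policy on a role in a second account, plus a simplified offline check that both sides must allow the call. Account ids, the group and role names, and the user ARNs are made-up placeholders; wildcards and Deny statements are deliberately not evaluated.

```python
"""Added example: cross-account AssumeRole needs two Allows.
Account ids, role and user names below are constructed placeholders."""
import json

DEV_ACCOUNT = "111111111111"   # placeholder: account holding the Devs group
PROD_ACCOUNT = "222222222222"  # placeholder: account holding the role
ROLE_ARN = f"arn:aws:iam::{PROD_ACCOUNT}:role/ReadOnlyProd"

# 1) Identity-based policy attached to the *group* in the dev account. A group
#    cannot assume a role itself; this lets each member call sts:AssumeRole
#    on exactly one role ARN (least privilege: no "Resource": "*").
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}],
}

# 2) Trust policy on the role in the prod account. Trusting the dev account's
#    root delegates *which* principals may assume the role to that account's
#    own IAM policies (i.e. the group policy above).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{DEV_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def trust_allows(trust_policy, caller_arn):
    """True if the trust policy names the caller's ARN or its account root."""
    root = f"arn:aws:iam::{caller_arn.split(':')[4]}:root"
    return any(st["Effect"] == "Allow"
               and "sts:AssumeRole" in _as_list(st["Action"])
               and (caller_arn in _as_list(st["Principal"].get("AWS", []))
                    or root in _as_list(st["Principal"].get("AWS", [])))
               for st in trust_policy["Statement"])

def identity_allows(policy, role_arn):
    """True if the caller's identity policy allows sts:AssumeRole on role_arn."""
    return any(st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"])
               and role_arn in _as_list(st["Resource"]) for st in policy["Statement"])

def can_assume_cross_account(caller_arn, identity_policy, role_arn, trust_policy):
    """Simplified rule: both the identity policy AND the trust policy must allow."""
    return identity_allows(identity_policy, role_arn) and trust_allows(trust_policy, caller_arn)

if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    alice = f"arn:aws:iam::{DEV_ACCOUNT}:user/alice"  # placeholder group member
    print(can_assume_cross_account(alice, GROUP_POLICY, ROLE_ARN, TRUST_POLICY))  # True
```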

Confusing AWS concepts

By Tom Dane
