AWS IAM

Groups vs Users vs Roles vs Policies

Groups vs Users

Dave

MIT

CDE

Devs

Alice

Sarah

Bob

Policies

The permissions of an identity or resource.

Roles

Users/Groups are about identity. Roles are about temporary activity/rights.

Role caveats

A user can assume a role
But a group cannot assume a role
To allow a group to assume a role, we need policies
Why is it so complicated? Why do we need roles when we have policies?
Because CTM has many accounts - main, prod, non-prod. To take action across accounts, we need roles.

Made with Slides.com