DevOps Glossary

AWS IAM Role is an identity in Amazon Web Services with permissions that a trusted service, user, application, CI/CD job, Kubernetes workload, or external identity can assume to access AWS resources temporarily. IAM stands for Identity and Access Management, and an IAM role is managed through AWS IAM. Unlike an IAM user, a role has no long-term password or access keys; AWS issues short-lived credentials after the requester matches the role’s trust policy. A role usually includes a trust policy that defines who can assume it and one or more permission policies that define what actions are allowed, such as reading from an S3 bucket, writing logs to CloudWatch, or deploying infrastructure with AWS CloudFormation. Common uses include granting EC2 instances access to S3, letting Lambda functions call other AWS services, allowing CI/CD pipelines to deploy safely, and giving teams controlled access across AWS accounts.