What is the difference between AWS IAM user and role

Below are the difference between IAM user and role.

IAM User:

An IAM user has permanent long-term credentials and is used to directly interact with AWS services . Users can make requests to AWS services using security credentials.

A user is a unique identity recognized by AWS services and applications. Similar to a login user in an operating system like Windows or UNIX, a user has a unique name and can identify itself using familiar security credentials such as a password or access key.

Users can be associated as group , and policies and permission can be associated with IAM groups.

IAM Role:

An IAM role does not have any credentials and cannot make direct requests to AWS services. An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group

IAM roles are meant to be assumed by authorized entities, such as IAM users, applications, or an AWS service such as EC2.

You can use IAM roles to delegate access to IAM users managed within your account, to IAM users under a different AWS account

You can assume an IAM role by calling the AWS Security Token Service (STS) AssumeRole APIs (in other words, AssumeRole, AssumeRoleWithWebIdentity, and AssumeRoleWithSAML). These APIs return a set of temporary security credentials that applications can then use to sign requests to AWS service APIs.


Leave a Reply