Always worth a quick refresher on the difference between AWS IAM roles and policies.
In AWS Identity and Access Management (IAM), an IAM role is an AWS identity that you can create and then assign to AWS resources. An IAM policy is a document that defines one or more permissions.
Here are some key differences between IAM roles and policies:
Scope of application: An IAM role is typically associated with a specific AWS resource, such as an Amazon EC2 instance or an AWS Lambda function. In contrast, an IAM policy can be attached to a user, group, or AWS resource.
Purpose: An IAM role is intended to be assumed by an AWS resource, whereas an IAM policy is intended to be attached to a user, group, or resource to specify their permissions.
Assignments: An IAM role is assigned to a resource when it is created, whereas an IAM policy is attached to a user, group, or resource.
Permissions: An IAM role defines the permissions an AWS resource is allowed to use when it accesses other resources in your AWS account. An IAM policy, on the other hand, specifies the permissions that are granted to a user, group, or resource.
Modification: An IAM role cannot be modified directly. Instead, you must create a new role with the desired permissions and then assign it to the resource. An IAM policy, on the other hand, can be modified directly by attaching a new policy to a user, group, or resource.
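To make the split concrete, here is an added example (mine, not part of the original post): a constructed trust policy that says which AWS service may assume a role, a constructed permissions policy attached to that role, and a simplified evaluator that shows why a resource acting through the role needs both. The policy documents, bucket name and service principal are assumed for illustration; the evaluator covers only the basic default-deny / explicit-deny-wins rule and wildcard matching, not conditions or resource-based policies.

```python
import re

# Constructed example (not from the post): the role's trust policy says WHO may
# assume the role; the attached permissions policy says WHAT it may then do.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "ec2.amazonaws.com"}}],
}
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-app-bucket/*"},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-app-bucket/secrets/*"},
    ],
}

def _as_list(value):  # IAM allows a string or a list in these fields
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' any run of characters, '?' one; actions are case-insensitive
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def can_assume(trust_policy, service):
    """True if the trust policy lets this AWS service principal assume the role."""
    for stmt in trust_policy["Statement"]:
        services = _as_list(stmt.get("Principal", {}).get("Service", []))
        if stmt["Effect"] == "Allow" and service in services and any(
                _matches(a, "sts:AssumeRole", True) for a in _as_list(stmt["Action"])):
            return True
    return False

def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: default deny, explicit Deny wins."""
    allowed = False
    for stmt in policy["Statement"]:
        if not (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
                and any(_matches(r, resource) for r in _as_list(stmt["Resource"]))):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny overrides every Allow
        allowed = True
    return allowed

def role_permits(trust_policy, policy, service, action, resource):
    """A resource acting through the role must be able to assume it AND be allowed."""
    return can_assume(trust_policy, service) and is_allowed(policy, action, resource)
```

Swapping the trust policy changes who can act as the role without touching what it may do, while editing the permissions policy changes what it may do for every principal that can assume it.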
IAM roles and policies are both important tools for managing access to your AWS resources, but they serve different purposes and are used in different contexts. You can use both IAM roles and policies to fine-tune access to your resources and ensure that only authorized users have access to the resources they need.
That’s it! Hope that’s useful.