IAM roles are similar to users in that a policy can be attached to them, but a role has no long-term credentials of its own: it is assumed by whichever trusted entity (a user, an application, or an AWS service) needs the access, and that entity receives temporary security credentials in return. You can therefore delegate access without handing out a new AWS access key. For example, you could grant a third party read access to a single S3 bucket and nothing else within your AWS environment, without sharing any keys, purely by using a role:
IAM roles
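The two documents that make up such a role, as an added example rather than the book's own code: the trust policy says who may assume the role, and the permissions policy says what the role may do once assumed. The account IDs, bucket name and external ID are constructed values. The `sts:ExternalId` condition is the standard guard for third-party roles; without it a partner that has been given your role ARN by someone else can be tricked into assuming it on that someone's behalf (the confused-deputy problem). The `policy_problems` checker is the review a practitioner would run before creating the role.

```python
"""Delegate read-only access to one S3 bucket to a third party via an IAM role.

Added example; not code from the book. All identifiers below are constructed.
"""
import json

# Constructed (hypothetical) values.
THIRD_PARTY_ACCOUNT_ID = "222222222222"
BUCKET = "example-shared-reports"
EXTERNAL_ID = "partner-7f3c9"  # agreed out of band with the third party


def trust_policy(third_party_account: str, external_id: str) -> dict:
    """Who may assume the role: only the partner account, and only when it
    presents the agreed ExternalId in its AssumeRole call."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{third_party_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permissions_policy(bucket: str) -> dict:
    """What the role may do: list and read objects in one bucket, nothing else.
    ListBucket applies to the bucket ARN, GetObject to the objects under it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_problems(trust: dict, perms: dict) -> list:
    """Least-privilege checks on the pair of documents. Returns a list of
    findings; an empty list means the role is scoped the way the text describes."""
    problems = []
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal", {})
        aws_principal = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws_principal == "*":
            problems.append("trust policy lets any AWS account assume the role")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in condition:
            problems.append("trust policy has no sts:ExternalId condition")
    for stmt in perms["Statement"]:
        for action in _as_list(stmt["Action"]):
            if action == "*" or action.endswith(":*"):
                problems.append(f"permissions policy grants wildcard action {action}")
            elif not action.startswith("s3:"):
                problems.append(f"permissions policy grants non-S3 action {action}")
        for resource in _as_list(stmt["Resource"]):
            if resource == "*":
                problems.append("permissions policy applies to every resource")
    return problems


if __name__ == "__main__":
    trust = trust_policy(THIRD_PARTY_ACCOUNT_ID, EXTERNAL_ID)
    perms = permissions_policy(BUCKET)
    print(json.dumps(trust, indent=2))
    print(json.dumps(perms, indent=2))
    print("problems:", policy_problems(trust, perms) or "none")
```

With the two documents saved as `trust.json` and `perms.json`, the role is created with `aws iam create-role --role-name PartnerReadOnly --assume-role-policy-document file://trust.json` followed by `aws iam put-role-policy --role-name PartnerReadOnly --policy-name BucketRead --policy-document file://perms.json`. The third party then calls `aws sts assume-role --role-arn <role ARN> --role-session-name partner --external-id partner-7f3c9` and receives temporary credentials that can only list and read that one bucket; no key from your account ever changes hands.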
Get Building Serverless Microservices in Python now with the O’Reilly learning platform.