AWS Networking & IAM
AWS LB & Route53
AWS IAM
In AWS, *users* and *roles* are two distinct concepts that serve different purposes in managing access and identity.
AWS User
- *Definition*: An AWS user is an entity that represents a person or application that interacts with AWS resources.
- *Characteristics*:
- Users have long-term credentials (access keys or passwords) that can be used to access AWS resources.
- Users can be assigned permissions directly through policies.
- Users can be part of groups, which can simplify permission management.
AWS Role
- *Definition*: An AWS role is an identity that can be assumed by an entity (user, application, or service) to perform specific tasks.
- *Characteristics*:
- Roles do not have long-term credentials; instead, they provide temporary security credentials.
- Roles are assumed by entities to gain specific permissions for a limited time.
- Roles can be used to delegate permissions without sharing long-term credentials.
Key Differences
- *Purpose*: Users are identities with long-term access, while roles are temporary identities for specific tasks.
- *Credentials*: Users have long-term credentials, while roles provide temporary credentials.
- *Usage*: Users are typically used for human identities or applications that require persistent access, while roles are used for temporary access or delegation of permissions.
When to use each:
- *Users*: For administrators, developers, or applications that require long-term access to AWS resources.
- *Roles*: For temporary access, delegation of permissions, or cross-account access.
Would you like more information on AWS IAM or best practices for managing users and roles?
Comments
Post a Comment