
Incident Response with CloudTrail and Athena


What are IAM roles?

Christophe January 24, 2024

Because we’re going to be using multiple different roles in this course, I want to make sure that you are familiar with and understand what IAM roles are and how they can be used.

If you already know what roles are then please feel free to skip to the next lesson. This lesson is for learners who have never used them and need a quick introduction.

What are IAM roles?

A role is actually quite similar to a user. It’s an identity with permission policies that determine what that role can and cannot do in AWS. The major difference compared to a user is that a role does not have a password or access keys that someone can use to authenticate with. Instead, a role is intended to be assumed by anyone who needs it and who has permission to assume it.

For example, a user can temporarily assume a role to take on a different set of permissions in order to perform a specific task.

Typically a role is assumed by a user who belongs to the same AWS account. However, it can also be assumed by a user in a different AWS account than the role, or even by an AWS web service, such as an Amazon EC2 instance. A role can even be assumed by an external user who is authenticated by an external identity provider.

Using roles

There are many different ways that we can use roles in AWS, but for the context of this course, we’re going to use them as part of our incident response playbooks. We will first authenticate as a user, but then we’ll take on these different roles to perform security analysis, to contain the threat, to eradicate the threat, and so on.

As a general rule of thumb, you want to limit providing permissions directly to users in AWS. Instead, you want your users to get permissions by assuming roles.

  1. This gives you better control over least privilege
  2. This gives you better visibility for logging, monitoring, and auditing

So even if you have a user that does multiple jobs in your organization, it’s preferable to give them access to multiple roles instead of attaching multiple policies to that one user.
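The visibility point above has a practical side in CloudTrail: once a user assumes a role, the records for what they do name the role session, not the user, so an analyst has to join them back to the AssumeRole call. The following is an added Python example, not code from the course, that does that join over constructed CloudTrail records using the standard userIdentity, responseElements and errorCode fields; the account id, user names, role names (IR-Analyst, IR-Eradicate) and session name are placeholders.

```python
# Constructed CloudTrail records (not real logs); ids and names are placeholders.
RECORDS = [
    {   # alice assumes the IR-Analyst role: this is where attribution starts
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/alice"},
        "responseElements": {"assumedRoleUser": {
            "arn": "arn:aws:sts::111122223333:assumed-role/IR-Analyst/alice-triage"}},
    },
    {   # an action under the role session; userIdentity no longer names alice
        "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/IR-Analyst/alice-triage",
            "sessionContext": {"sessionIssuer": {
                "arn": "arn:aws:iam::111122223333:role/IR-Analyst"}}},
    },
    {   # a refused AssumeRole: no session exists, so responseElements is null
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/bob"},
        "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/IR-Eradicate"},
        "responseElements": None,
    },
]

def index_sessions(records):
    """Map each role-session ARN to the principal whose AssumeRole created it."""
    sessions = {}
    for r in records:
        if r.get("eventName") == "AssumeRole" and not r.get("errorCode"):
            sessions[r["responseElements"]["assumedRoleUser"]["arn"]] = r["userIdentity"]["arn"]
    return sessions

def attribute(records):
    """(eventName, role ARN, original principal) for each action taken under a role."""
    sessions = index_sessions(records)
    out = []
    for r in records:
        ident = r["userIdentity"]
        if ident.get("type") == "AssumedRole":
            role = ident["sessionContext"]["sessionIssuer"]["arn"]
            out.append((r["eventName"], role, sessions.get(ident["arn"], "unknown session")))
    return out

def denied_assumptions(records):
    """(principal, role ARN) for AssumeRole calls that CloudTrail recorded as refused."""
    return [(r["userIdentity"]["arn"], r["requestParameters"]["roleArn"])
            for r in records if r.get("eventName") == "AssumeRole" and r.get("errorCode")]
```

If the AssumeRole event falls outside the time window you queried, the session stays "unknown session", which is the cue to widen the query rather than treat the action as unattributable.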

Conclusion

This will start to make more sense as we talk more about the roles that we’re going to create and how to create them.

However, if you have zero experience working with IAM Roles, I would highly recommend that you pause here and complete this prerequisite course instead: Practical Guide to AWS IAM Roles. It will be a short detour that will teach you valuable skills and that will help a lot with this course.

Otherwise, let’s complete this lesson and move on to the next.
