Beyond basic IAM, secure, well-architected access management on AWS depends on understanding roles (assumable identities), the policy types and how they are evaluated (how effective permissions are determined), and patterns such as cross-account access and service roles.
Roles in depth: who assumes what
A ROLE has TWO kinds of policy:
TRUST POLICY → WHO can assume the role (the Principal element: an AWS service, another account, a specific user or role, or a federated identity), optionally narrowed with a Condition such as sts:ExternalId. It is the only policy that carries a Principal.
PERMISSION POLICIES → WHAT the role can do once assumed (identity-based policies attached to the role; a permissions boundary, if set, caps them)
Use cases:
→ SERVICE roles: an EC2 instance or Lambda function assumes a role to call AWS APIs, so no access keys are baked into the AMI, code or environment
→ CROSS-ACCOUNT: a role in account B trusts account A, and A's principals assume it. Both sides must allow it: B's trust policy names A, and A attaches an identity policy that allows sts:AssumeRole on that role ARN. When a third party assumes the role, add an sts:ExternalId condition (confused-deputy protection).
→ FEDERATION/SSO: external identities (SAML, OIDC, IAM Identity Center) assume roles and receive temporary credentials, so no per-person IAM user is needed
→ Roles hand out TEMPORARY STS credentials that expire (1 hour by default, up to the role's MaxSessionDuration of 12 hours); on EC2 the instance metadata service fetches and rotates them automatically. Far safer than long-lived access keys, which never expire on their own.
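The two policies side by side, as an added example that is not AWS documentation or code from the original page: a cross-account trust policy with an ExternalId condition, a service-role trust policy, the role's permission policy, and the caller-side identity policy that cross-account access also needs. The account IDs, role name, bucket and ExternalId are constructed for illustration, and can_assume() is a deliberately simplified model of the sts:AssumeRole decision (explicit Deny wins, one matching Allow needed, and a caller matched only via the account :root ARN or from another account must also be allowed by its own identity policy).

```python
"""An IAM role is a trust policy (WHO may assume it) plus permission policies
(WHAT it may do). Added example, not AWS or page code: account IDs, role name,
bucket and ExternalId are constructed, and can_assume() is a simplified model
of the sts:AssumeRole authorization decision."""
import fnmatch
import json

ACCOUNT_A = "111111111111"   # constructed: account whose identities need access
ACCOUNT_B = "222222222222"   # constructed: account that owns the role
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/CrossAccountReadOnly"
EXTERNAL_ID = "7f3c9e1b-shared-out-of-band"   # constructed shared secret

# WHO: trust policy on the role in account B. Naming A's :root means "any IAM
# principal of account A", which is why A must ALSO grant sts:AssumeRole in an
# identity policy. The ExternalId condition is confused-deputy protection.
CROSS_ACCOUNT_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_A}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}

# WHO: service-role trust policy; the EC2 service is the principal, no keys involved.
SERVICE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# WHAT: permission policy attached to the role; least privilege on one bucket.
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-audit-logs", "arn:aws:s3:::example-audit-logs/*"],
    }],
}

# Caller side: identity policy in account A letting its principals assume the role.
CALLER_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _action_matches(stmt, action="sts:AssumeRole"):
    # IAM action names are case-insensitive and support '*' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))


def _principal_match(principal, caller_arn, service):
    """Return 'exact', 'account' (matched via a :root ARN), 'service' or None."""
    if principal == "*":
        return "exact" if caller_arn else "service"
    for arn in _as_list(principal.get("AWS", [])):
        if caller_arn and arn == caller_arn:
            return "exact"
        if caller_arn and arn.endswith(":root") and arn.split(":")[4] == caller_arn.split(":")[4]:
            return "account"
    if service and service in _as_list(principal.get("Service", [])):
        return "service"
    return None


def trust_allows(trust_policy, caller_arn=None, service=None, external_id=None):
    """Evaluate the trust policy: any matching Deny wins; otherwise one Allow whose
    Principal matches and whose sts:ExternalId condition (if any) is met is needed."""
    result = None
    for stmt in _as_list(trust_policy["Statement"]):
        if not _action_matches(stmt):
            continue
        how = _principal_match(stmt["Principal"], caller_arn, service)
        if how is None:
            continue
        want = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if want is not None and want != external_id:
            continue
        if stmt["Effect"] == "Deny":
            return None
        if how == "exact" or result is None:
            result = how
    return result


def identity_allows(identity_policy, role_arn):
    """Does the caller's own identity policy allow sts:AssumeRole on this role ARN?"""
    allowed = False
    for stmt in _as_list(identity_policy["Statement"]):
        if not _action_matches(stmt):
            continue
        if not any(fnmatch.fnmatchcase(role_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def can_assume(role_arn, trust_policy, caller_arn=None, service=None,
               external_id=None, caller_identity_policy=None):
    """Simplified AssumeRole decision. A service principal needs only the trust
    policy. An IAM principal named explicitly in the role's own account needs only
    the trust policy; a caller matched via a :root ARN, and every cross-account
    caller, also needs an identity policy in its own account allowing sts:AssumeRole."""
    how = trust_allows(trust_policy, caller_arn, service, external_id)
    if how is None:
        return False
    if how == "service":
        return True
    same_account = caller_arn.split(":")[4] == role_arn.split(":")[4]
    if how == "exact" and same_account:
        return True
    return caller_identity_policy is not None and identity_allows(caller_identity_policy, role_arn)


if __name__ == "__main__":
    print(json.dumps(CROSS_ACCOUNT_TRUST, indent=2))
    user_a = f"arn:aws:iam::{ACCOUNT_A}:user/auditor"
    print(can_assume(ROLE_ARN, CROSS_ACCOUNT_TRUST, user_a, external_id=EXTERNAL_ID,
                     caller_identity_policy=CALLER_IDENTITY_POLICY))
```

The model deliberately leaves out SCPs, permissions boundaries, session policies and the other condition operators; its point is the two-sided check that trips people up in practice: a trust policy naming another account's :root grants nothing on its own until that account's administrator also attaches an identity policy allowing sts:AssumeRole on the role ARN, and a third-party caller without the ExternalId is refused even when both policies are in place.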
