Beyond basic IAM, understanding roles (assumed identities), policy types and evaluation (how permissions are decided), and patterns such as cross-account access and service roles is essential for secure, well-run AWS access management.
Roles in depth: who assumes what
A ROLE has TWO key policies:
TRUST POLICY → WHO can assume the role (which principals: a service, account, user)
PERMISSION POLICIES → WHAT the role can do once assumed
Use cases:
→ SERVICE roles — an EC2 instance or Lambda function assumes a role to call AWS APIs (no embedded keys)
→ CROSS-ACCOUNT — account B's role trusts account A → A's users assume it (controlled access)
→ FEDERATION/SSO — external identities assume roles (temporary credentials)
→ Roles give TEMPORARY credentials (auto-rotated) — far safer than long-lived keys.
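The two-policy split above, shown as an added example (not from the original notes). The two JSON documents are constructed sample policies in real IAM syntax for the cross-account case: account B owns the role, account A's users are trusted to assume it. The `can_assume` and `is_allowed` helpers are a deliberately simplified model of how IAM reads those documents (default deny, any matching Allow permits, explicit Deny wins; no conditions or NotAction), not the real evaluation engine; the account IDs and bucket name are placeholders.

```python
"""Trust policy vs. permission policy on one cross-account role (simplified model)."""
import fnmatch
import json

# Constructed placeholder account IDs.
ACCOUNT_A = "111111111111"   # account whose users will assume the role
ACCOUNT_B = "222222222222"   # account that owns the role

# TRUST POLICY: lives on the role in account B; answers "WHO can assume it".
# Trusting account A's root delegates to account A's own IAM: any principal there
# that is itself allowed sts:AssumeRole on this role ARN may assume it.
TRUST_POLICY = json.loads(f"""{{
  "Version": "2012-10-17",
  "Statement": [{{
    "Effect": "Allow",
    "Principal": {{ "AWS": "arn:aws:iam::{ACCOUNT_A}:root" }},
    "Action": "sts:AssumeRole"
  }}]
}}""")

# PERMISSION POLICY: attached to the same role; answers "WHAT it can do once assumed".
PERMISSION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}""")


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def account_of(principal_arn):
    """Account ID is the 5th colon-separated field: arn:aws:iam::<account>:<type>/<name>."""
    return principal_arn.split(":")[4]


def can_assume(trust_policy, principal_arn):
    """Simplified trust-policy check: the caller is allowed if an Allow statement for
    sts:AssumeRole names the caller's ARN exactly or the caller's account root.
    (The real engine also requires the caller's own identity policy to allow AssumeRole
    when only the account root is trusted; that half is not modelled here.)"""
    root_arn = f"arn:aws:iam::{account_of(principal_arn)}:root"
    allowed = False
    for stmt in trust_policy["Statement"]:
        if "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        if principal_arn in principals or root_arn in principals:
            if stmt["Effect"] == "Deny":
                return False          # explicit Deny always wins
            allowed = True
    return allowed                    # default deny when nothing matched


def is_allowed(permission_policy, action, resource):
    """Simplified permission-policy evaluation: default deny, matching Allow permits,
    explicit Deny wins. Wildcards in Action/Resource use glob matching."""
    allowed = False
    for stmt in permission_policy["Statement"]:
        action_ok = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if not (action_ok and resource_ok):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    alice = f"arn:aws:iam::{ACCOUNT_A}:user/alice"
    outsider = "arn:aws:iam::333333333333:user/mallory"
    print("alice can assume:", can_assume(TRUST_POLICY, alice))            # True
    print("outsider can assume:", can_assume(TRUST_POLICY, outsider))      # False
    print("GetObject on bucket:",
          is_allowed(PERMISSION_POLICY, "s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"))  # True
    print("DeleteObject on bucket:",
          is_allowed(PERMISSION_POLICY, "s3:DeleteObject", "arn:aws:s3:::example-bucket/report.csv"))  # False
```

The point the split makes: tightening the permission policy does nothing about who can get in, and tightening the trust policy does nothing about what they can do once in; both documents have to be reviewed together when auditing a cross-account role.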
