Temporary credentials

There are scenarios where you would want an entity to access resources in your AWS account temporarily and you do not want to create and manage credentials for them. For such scenarios, IAM offers the roles feature. Roles could be assumed by identities. IAM manages credentials for roles and rotates these credentials several times in a day. We will look at roles in detail in our IAM authentication section in this chapter.

You could access IAM in the following four ways:

• AWS Management Console
• AWS command line tools
• AWS software development kits
• IAM HTTPS API

Let us look at these options in detail: