  • Question: IAM role vs IAM user

  • Guillermo Contreras

    December 3, 2023 at 9:28 am

    I don’t agree with the answer on the following question:
    Even though it is always recommended to use a role for temporary credentials rather than fixed credentials for IAM users, you are omitting a rather crucial piece of information: you never defined whether the auditor has either A) an AWS account of their own or B) using an identity provider already integrated with the target accounts. You cannot assume roles on your own without a principal that actually performs the sts:AssumeRole action.

  • Carlo-TutorialsDojo

    December 5, 2023 at 4:00 pm

    Hello Guillermo,

    Thanks for your valuable insight.

    Yes, I agree with you. For the usage of IAM roles to make sense, a trust policy with a valid principal representing the auditor (be it an IAM user or federated user) must be established first. Without specifying the auditor’s origin, creating an IAM user with read permissions could be a viable solution as well.

    We’ll make sure to clarify and refine the wording to remove any confusion.

    Let me know if you have further clarifications.


    Carlo @ Tutorials Dojo
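
The point both posts agree on, that a role is only usable if its trust policy names a principal able to call `sts:AssumeRole`, shown as an added example that is not part of either post or of the exam material. The account IDs, user name and provider name are constructed placeholders, and the helper `assumable_by` is hypothetical; it reads only `Effect`, `Principal` and `Action` and does not evaluate `Condition`, `NotPrincipal` or `Deny` statements.

```python
import fnmatch

ASSUME_ACTIONS = ("sts:AssumeRole", "sts:AssumeRoleWithSAML",
                  "sts:AssumeRoleWithWebIdentity")

def _stmt(principal, action):
    # Build a one-statement trust policy (constructed sample data).
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": action}]}

# Constructed samples: account IDs, user and provider names are placeholders.
TRUST_IAM_USER = _stmt(
    {"AWS": "arn:aws:iam::111122223333:user/auditor"}, "sts:AssumeRole")
TRUST_FEDERATED = _stmt(
    {"Federated": "arn:aws:iam::444455556666:saml-provider/ExampleIdP"},
    "sts:AssumeRoleWithSAML")
TRUST_SERVICE_ONLY = _stmt({"Service": "ec2.amazonaws.com"}, "sts:AssumeRole")

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def assumable_by(trust_policy):
    """Return (principal_type, principal, action) for every Allow statement
    that lets an IAM or federated principal assume the role.
    Service principals are skipped: an auditor cannot act as one."""
    found = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Expand wildcards such as "sts:*" into the concrete assume actions.
        actions = [a for pattern in _as_list(stmt.get("Action", []))
                   for a in ASSUME_ACTIONS
                   if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand for any AWS principal
            principal = {"AWS": "*"}
        for ptype in ("AWS", "Federated"):
            for ident in _as_list(principal.get(ptype, [])):
                found.extend((ptype, ident, action) for action in actions)
    return found

if __name__ == "__main__":
    for name, policy in (("iam-user", TRUST_IAM_USER),
                         ("federated", TRUST_FEDERATED),
                         ("service-only", TRUST_SERVICE_ONLY)):
        print(name, assumable_by(policy) or "no principal an auditor could use")
```
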
