WKLD.01 – Use IAM roles for compute environment permissions - AWS Prescriptive Guidance

WKLD.01 – Use IAM roles for compute environment permissions

In AWS Identity and Access Management (IAM), a role represents a set of permissions that can be assumed by a person or service for a configurable period of time. Using roles eliminates the need to store or manage long-term credentials, significantly reducing the chance of unintended use. Assign an IAM role directly to Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Fargate tasks and services, AWS Lambda functions, and other AWS compute services whenever supported. Applications that use an AWS SDK and run in these compute environments automatically use the IAM role credentials for authentication.
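An added example, not part of the AWS guidance: a Python check that looks for long-term access keys left in a compute environment. AWS SDKs read environment variables and the shared credentials file before they fall back to the attached IAM role, so a leftover static key silently overrides the role. The function names and sample values are constructed for illustration; the `AKIA` (long-term) and `ASIA` (temporary) key ID prefixes and the variable names are AWS conventions.

```python
import configparser
import os
import re

# Access key ID prefixes: AKIA = long-term IAM user key, ASIA = temporary STS key.
LONG_TERM = re.compile(r"^AKIA[A-Z0-9]{16}$")
TEMPORARY = re.compile(r"^ASIA[A-Z0-9]{16}$")

# Constructed sample of ~/.aws/credentials content (placeholder values only).
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = constructed-placeholder-secret

[session]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token
"""

def classify_key(access_key_id, session_token=None):
    """Return 'long-term', 'temporary' or 'unknown' for one access key ID."""
    if LONG_TERM.match(access_key_id) and not session_token:
        return "long-term"
    if TEMPORARY.match(access_key_id) and session_token:
        return "temporary"
    return "unknown"

def audit_environment(env):
    """Flag static keys in environment variables, which shadow role credentials."""
    key = env.get("AWS_ACCESS_KEY_ID")
    if not key:
        return []  # nothing set: the SDK can fall through to the IAM role
    kind = classify_key(key, env.get("AWS_SESSION_TOKEN"))
    return [] if kind == "temporary" else [("env:AWS_ACCESS_KEY_ID", kind)]

def audit_credentials_file(text):
    """Flag profiles in shared credentials file content that hold static keys."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for profile in parser.sections():
        key = parser[profile].get("aws_access_key_id")
        if key and classify_key(key, parser[profile].get("aws_session_token")) != "temporary":
            findings.append((f"file:[{profile}]", classify_key(key)))
    return findings

if __name__ == "__main__":
    for finding in audit_environment(os.environ) + audit_credentials_file(SAMPLE_CREDENTIALS_FILE):
        print("static credential found:", finding)
```

An empty result from both functions means nothing in those two locations overrides the role attached to the instance, task, or function.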

The approach and instructions for using IAM roles for each service can be found in the AWS Documentation for the service. For example, see the following: