Using IAM in production environments - AWS Prescriptive Guidance

Using IAM in production environments

For production environments, it is a best practice to use IAM roles instead of access keys. The IAM role generates and rotates the temporary keys. Applications that run on AWS are authenticated and authorized to use AWS resources securely and seamlessly.

Example use case

Consider a scenario where your application calls an AWS Lambda function, and that function accesses an Amazon DynamoDB table to perform create, read, update, delete (CRUD) operations and adds logs to Amazon CloudWatch. The following diagram illustrates this example. The Lambda function requires permissions to access the DynamoDB table and CloudWatch Logs. To grant these permissions, add an execution role when you create the Lambda function.

Using IAM roles for authentication in .NET Framework application development
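
The execution role from the use case above can be written as an AWS CloudFormation template. This is an added example, not part of the original guidance; the parameter names `TableName` and `FunctionName`, the logical ID `LambdaExecutionRole`, and the policy name are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Execution role for a Lambda function with CRUD on one DynamoDB table and CloudWatch Logs writes (constructed example).

Parameters:
  TableName:        # assumption: name of the existing DynamoDB table
    Type: String
  FunctionName:     # assumption: name the Lambda function will be given
    Type: String

Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the Lambda service may assume this role.
      # No IAM user and no access key appears anywhere in the setup.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: TableCrudAndLogs
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # CRUD on the one table, rather than dynamodb:* on every table.
              - Effect: Allow
                Action:
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:UpdateItem
                  - dynamodb:DeleteItem
                  - dynamodb:Query
                Resource: !Sub arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}
              # Log writes limited to this function's own log group.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${FunctionName}:*

Outputs:
  RoleArn:
    Value: !GetAtt LambdaExecutionRole.Arn
```

Pass the `RoleArn` output as the function's execution role when you create the Lambda function. The function code then needs no stored credentials, because the AWS SDK picks up the role's temporary credentials from the Lambda runtime environment.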

Resources