- IAM Roles: An IAM role is an IAM identity with permission policies that determine what the identity can and cannot do in AWS. Roles are intended to be assumable by anyone or anything (such as an EC2 instance) that needs them.
- IAM Policies: Policies are documents that define permissions. They can be attached to users, groups, or roles to specify what actions are allowed or denied on AWS resources.
Example Policy JSON:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example_bucket"
    }
  ]
}
```