An Identity and Access Management (IAM) role is a set of permissions that define what actions are allowed and denied by an entity in AWS. Roles are intended to be assumable by anyone who needs them, such as an AWS service, a user, or an application, instead of being directly attached to a specific user.