What are common use cases for IAM Roles?

← Prev Question Next Question →

Play Quiz Game >

Please log in or register to answer this question.

1 Answer

answered Jun 3 by kvdevika (149k points)

Here are some common use cases:

EC2 instances can be assigned a role that allows them to access S3 buckets without embedding access keys in the instance.

EC2 Instances Accessing S3:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example_bucket/*"
    }
  ]
}

Cross-Account Access:

Allowing a user in one AWS account to access resources in another account.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

3. Lambda Functions Accessing RDS:

Lambda functions can assume roles that allow them to interact with RDS databases.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds:*"
      ],
      "Resource": "*"
    }
  ]
}

4. Delegating API Access:

Granting third-party applications access to AWS resources through an API.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:us-west-2:123456789012:example-api/*"
    }
  ]
}

5. CodeBuild Accessing Secrets Manager:

CodeBuild projects can access secrets stored in Secrets Manager.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "*"
    }
  ]
}

← Prev Question Next Question →

Find MCQs & Mock Test

Categories

...