Unlocking AWS IAM: Understanding Users and Roles

Farooq Butt

Analogy: School Play

  • IAM User → Students
    An IAM user is like a student in the school play. They are real people with a permanent identity.

  • IAM Role → Costume
    An IAM role is like a costume that a student (or another identity) can put on. When they put it on, they “assume” that role and temporarily take on its powers.

Policies Explained

  • IAM User has a Permission Policy
    This defines what the student (user) is allowed to do in the school.

  • IAM Role has two policies:

    • Permission Policy: What the student can do once they wear the costume.

    • Trust Policy: Who is allowed to wear that costume in the first place.


In Simple Words

  • Trust Policy = Who can wear the costume

  • Permission Policy = What they can do while wearing it

IAM Users don’t need a trust policy because they are already “real” trusted identities in AWS. Roles, however, need it, since you want to control who is allowed to step into that costume.
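
As an added illustration (not from the original post), this Python sketch reads a role's two policy documents and answers the two questions separately: who can wear the costume, and what the costume allows. The account ID, ARNs, bucket name and function names are constructed placeholders, and the sample trust policy deliberately includes a wildcard statement so the check has something to flag.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample documents; the account ID, user and bucket names are placeholders.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/student-alice"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}
  ]}""")
PERMISSION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": ["arn:aws:s3:::example-play-scripts",
                             "arn:aws:s3:::example-play-scripts/*"]}}""")

ASSUME_ACTIONS = ("sts:assumerole", "sts:assumerolewithsaml", "sts:assumerolewithwebidentity")

def _as_list(value):
    return value if isinstance(value, list) else [value]  # IAM JSON allows scalar or list

def who_can_wear(trust_policy):
    """Trust policy -> [(principal_type, principal, has_condition)] for Allow + AssumeRole*."""
    found = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants_assume = any(fnmatchcase(a, p) for a in ASSUME_ACTIONS for p in patterns)
        if stmt.get("Effect") != "Allow" or not grants_assume:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":               # bare "*" is shorthand for {"AWS": "*"}
            principal = {"AWS": "*"}
        for ptype, values in principal.items():
            for value in _as_list(values):
                found.append((ptype, value, "Condition" in stmt))
    return found

def unrestricted_wearers(trust_policy):
    """Wildcard principals with no Condition: the costume is not limited to named identities."""
    return [(t, p) for t, p, cond in who_can_wear(trust_policy) if p == "*" and not cond]

def what_costume_allows(permission_policy):
    """Permission policy -> sorted (action, resource) pairs from Allow statements."""
    return sorted((a, r) for s in _as_list(permission_policy.get("Statement", []))
                  if s.get("Effect") == "Allow"
                  for a in _as_list(s.get("Action", [])) for r in _as_list(s.get("Resource", [])))
```

Running `unrestricted_wearers` on the sample returns the wildcard entry, which is the statement to tighten to a named principal or constrain with a `Condition`; the permission policy never names a principal at all, which is why it yields nothing from `who_can_wear`.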
