Assume roles in AWS
In my experience, handling security access rights is a complex thing. From talking to others about working with access roles in their applications, I've heard the same thing.
AWS, too, has complex ways to handle access permissions. You must first authenticate to AWS as one of the following:
- account root user
- IAM user
- IAM role
Only then do access controls, or authorization, determine whether you can use AWS resources. Permissions can be defined at the:
- identity-based level
- resource-based level
In recent months, I have had to use assumed roles. Assuming a role is a way to use IAM roles to delegate access to AWS resources.
When you use AWS through either the CLI or an SDK, AWS looks for credentials in a hierarchy of places, but by default it looks at the credentials file stored on your machine first. On a Linux machine it is found here:
~/.aws/credentials
Here is how I configured my credentials to use an assumed role:
(config to be added)
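An added example, not the author's configuration: a typical role profile in constructed ~/.aws/credentials and ~/.aws/config text, with a simplified model of how a `source_profile` link is followed back to the base access keys. The account ID, role names and keys are placeholders, the helper names are hypothetical, and only `source_profile` (not `credential_source`) is modelled.

```python
import configparser

# Constructed sample files: account ID, role names and keys are placeholders.
CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLEPLACEHOLDER
aws_secret_access_key = EXAMPLE-SECRET-PLACEHOLDER
"""
CONFIG = """
[profile deploy]
role_arn = arn:aws:iam::111122223333:role/ExampleDeployRole
source_profile = default

[profile broken]
role_arn = arn:aws:iam::111122223333:role/ExampleOtherRole
source_profile = missing
"""

def load_profiles(credentials_text, config_text):
    """Merge ~/.aws/credentials and ~/.aws/config text into {profile: settings}."""
    profiles = {}
    for text in (credentials_text, config_text):
        parser = configparser.ConfigParser()
        parser.read_string(text)
        for section in parser.sections():
            # The config file names profiles "[profile NAME]"; credentials uses "[NAME]".
            name = section.removeprefix("profile ")
            profiles.setdefault(name, {}).update(parser[section])
    return profiles

def resolve_chain(profiles, name):
    """Walk source_profile links; return steps from base keys to the final role."""
    steps, seen = [], set()
    while True:
        if name in seen:
            raise ValueError(f"source_profile loop at {name!r}")
        if name not in profiles:
            raise ValueError(f"profile {name!r} is not defined")
        seen.add(name)
        settings = profiles[name]
        if "role_arn" not in settings:
            if "aws_access_key_id" not in settings:
                raise ValueError(f"profile {name!r} has no access keys")
            steps.append(("static-keys", name))
            return steps[::-1]
        if "source_profile" not in settings:
            raise ValueError(f"role profile {name!r} has no source_profile")
        steps.append(("assume-role", settings["role_arn"]))
        name = settings["source_profile"]
```

Calling `resolve_chain(load_profiles(CREDENTIALS, CONFIG), "deploy")` lists the base keys first and the assumed role last; the `broken` profile raises because its `source_profile` is not defined anywhere.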