I’m confused about the IAM resources; specifically, I’m not sure how the following differ and relate to each other:
2. User Group
1. User – defines "who" can access your resources
2. User Group – a way to group users so the same permissions/policies can be applied to all users at once
3. Role – defines "what" a user can access; typically used for short-term access
4. Policy – defines "what" a user can access; typically used for longer-term access
@Ömer, also, with Roles, it’s "what a user OR service (e.g. EC2) can access."
"You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don’t usually have, or grant users in one AWS account access to resources in another account." ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
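The delegation described in the quoted documentation, as an added example that is not part of the original thread: a role carries a trust policy (who may assume it, here the EC2 service and a second account) and a permissions policy (what its temporary credentials may do). The account ID, bucket name and helper functions are constructed for illustration, and the check is a simplified model that ignores `Condition` blocks and wildcard matching.

```python
# Added example: simplified model of the two policy documents behind an IAM role.
# Account ID, bucket name and helper names are constructed, not from the thread.

# Trust policy: WHO may assume the role (a service, or another AWS account).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ec2.amazonaws.com"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    ],
}

# Permissions policy: WHAT the role's temporary credentials are allowed to do.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def can_assume(trust_policy, principal_type, principal_id):
    """Explicit Deny wins; otherwise at least one matching Allow is required."""
    allowed = False
    for stmt in trust_policy["Statement"]:
        if "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            matched = True  # policy is open to any principal
        else:
            matched = principal_id in _as_list(principal.get(principal_type, []))
        if matched and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or matched
    return allowed

def allowed_actions(permissions_policy):
    """Collect the actions granted by Allow statements."""
    actions = set()
    for stmt in permissions_policy["Statement"]:
        if stmt["Effect"] == "Allow":
            actions.update(_as_list(stmt["Action"]))
    return sorted(actions)
```

When reviewing a real role, read the trust policy first: any principal listed there can obtain everything the permissions policy grants.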