AWS Certified Cloud Practitioner

Sign Up Free or Log In to participate!

What is the difference between IAM resources?

I’m confused about the IAM resources, specifically I’m not sure how the followings differ and relate to each other:

1. User

2. User Group

3. Role

4. Policy

1 Answers

Hi Ömer,

1. User – defines "who" can access your resources

2. User Group – a way to group users so the same permissions/policies can be applied to all users at once

3. Role – defines "what" a user can access; typically used for short-term access

4. Policy – defines "what" a user can access; typically used for longer-term access



@Ömer, also, with Roles, it’s "what a users OR service (e.g EC2) can access.


"You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don’t usually have, or grant users in one AWS account access to resources in another account." ref:

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?