I am watching the "Understanding IAM Permissions" lesson. I don’t understand the difference between roles and groups; they look the same to me. Can you please help clarify this?
A group has no permissions by default; it is used to make user administration easier. Instead of providing a specific permission to each user, you can create a group, assign the required permissions to it, and then add users to it. Any user added to that group will have the same permissions permanently until they are removed from that group.
A role is an identity with permissions; it is meant to be assumable by anyone who needs it. For example, a user or an application can temporarily assume a specific role to do a specific task.
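
The distinction described in the answer above, as an added example that is not part of the original posts: a small in-memory Python model (not a real IAM API) in which group membership gives standing permissions, while a role gives a trusted principal a time-limited session. All names, actions and durations are constructed for illustration.

```python
# Added illustration: a minimal in-memory model, not a real IAM service or SDK.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    permissions: set = field(default_factory=set)  # a new group grants nothing
    members: set = field(default_factory=set)

@dataclass
class Role:
    name: str
    permissions: set
    trusted: set  # principals (users or applications) allowed to assume the role

@dataclass
class Session:
    principal: str
    role: Role
    expires_at: float

def group_allows(groups, user, action):
    """Standing access: holds for as long as the user stays a member."""
    return any(user in g.members and action in g.permissions for g in groups)

def assume_role(role, principal, now, duration=3600):
    """Temporary access: only a trusted principal gets a time-limited session."""
    if principal not in role.trusted:
        raise PermissionError(f"{principal} may not assume {role.name}")
    return Session(principal, role, now + duration)

def session_allows(session, action, now):
    """Role permissions apply only while the session has not expired."""
    return now < session.expires_at and action in session.role.permissions

def demo():
    # Constructed sample data; every name and action here is hypothetical.
    devs = Group("developers", members={"alice"})
    before = group_allows([devs], "alice", "read-reports")   # no permission yet
    devs.permissions.add("read-reports")
    standing = group_allows([devs], "alice", "read-reports")
    devs.members.discard("alice")                            # access ends on removal
    removed = group_allows([devs], "alice", "read-reports")
    deployer = Role("deployer", {"start-servers"}, trusted={"alice", "ci-app"})
    s = assume_role(deployer, "ci-app", now=0, duration=900)
    during = session_allows(s, "start-servers", now=100)
    expired = session_allows(s, "start-servers", now=901)
    try:
        assume_role(deployer, "bob", now=0)                  # bob is not trusted
        untrusted = True
    except PermissionError:
        untrusted = False
    return before, standing, removed, during, expired, untrusted
```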