AWS Certified Solutions Architect - Associate (SAA-C02)

Why are roles temporary?

Context: In the ‘Using Roles’ lesson under EC2.  If roles exist to prevent hard coding creds/access, why would you want a role to disappear?  Am I missing something simple?

1 Answer

I think what is meant by this is that the credentials that a role provides are temporary, unlike credentials that you generate through IAM. To use a role, something assumes the role (i.e., a user or service). When assumed, the role provides credentials that are temporary. The role itself (as it exists in IAM) is as permanent as other structures in IAM. … They are used so that the access that is permitted is not tied directly to accounts/resources that may change, but to the roles, which are then assumed by users/services.

Note: I’ve updated this answer because I made the mistake of answering before reminding myself of the terminology used in the exam. I originally took issue with the notion that using roles prevents hard-coding access keys, but I was mistaken. I knew better, but still presented mistakenly. Roles do prevent hard-coding access keys. The confusion for me was that I’ve seen role names themselves being hard-coded (into source code). I’m not sure that hard-coding into source code like that is ever a sustainable approach.
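An added illustration of the distinction in the answer above (not part of the original post or the course): the sketch below compares a constructed credential document, shaped like the one an EC2 instance role exposes through the instance metadata service, with a constructed long-term IAM user key pair, and shows the expiry check a client performs before refreshing. All key values are placeholders, and the helper names and the 300-second refresh margin are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample: role credentials as delivered to an EC2 instance.
# Every value is a placeholder, not a real key.
ROLE_CREDS = json.loads("""{
  "Code": "Success",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret-not-real",
  "Token": "constructed-session-token-not-real",
  "Expiration": "2030-01-01T12:00:00Z"
}""")

# Constructed sample: long-term IAM user access key (no token, no expiry).
USER_CREDS = {
    "AccessKeyId": "AKIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-not-real",
}

def is_temporary(creds):
    """Role credentials carry a session token and an expiration time."""
    token = creds.get("Token") or creds.get("SessionToken")
    return bool(token) and "Expiration" in creds

def seconds_left(creds, now):
    """Remaining lifetime in seconds, or None for long-term keys."""
    if not is_temporary(creds):
        return None
    expires = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return (expires.replace(tzinfo=timezone.utc) - now).total_seconds()

def needs_refresh(creds, now, margin=300):
    """True when temporary credentials expire within `margin` seconds."""
    left = seconds_left(creds, now)
    return left is not None and left <= margin

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 11, 56, tzinfo=timezone.utc)
    for name, creds in (("role", ROLE_CREDS), ("user", USER_CREDS)):
        print(name, is_temporary(creds), seconds_left(creds, now),
              needs_refresh(creds, now))
```

The role in IAM is unchanged when these credentials expire; only the issued key, secret and token stop working, and the caller obtains a fresh set.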
