IAM Role in AWS

In AWS IAM Roles are similar to IAM Users in that they can have policies and permissions attached to them. However, they cannot be authorized (login) and they do not really have the policies etc attached to them. They appear to have them but underneath, those policies flow down the the actual users beneath.

The idea is that Roles will help you to group users together and also that they can help you in temporarily granting a level of access or permission to a user and give you an easy way to revoke that.

What is the use of IAM Role in AWS

You might create an IAM role in AWS if you want to give all users on project x permissions on the objects that are used for that project, Then if a user moves teams, you can take that role of them and assign them another one without disrupting the rest of the team.

This allows you to add permissions for the whole team in one place and have it automatically passed to everyone that needs it.

How to create IAM Role in AWS

It is straightforward to create an IAM role in AWS. Instructions can be found here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html

Essentially though, you navigate to the IAM section in the console, choose roles then create role

How to get IAM Role in AWS

You can retrieve the IAM roles in an account from the IAM section of the console under the roles section.

It is also possible to get roles and information on them from the CLI

There are two particularly useful commands

List-roles – this will list the roles in an account based on various options that you can specify.


[--path-prefix <value>]
[--max-items <value>]
[--cli-input-json <value>]
[--starting-token <value>]
[--page-size <value>]
[--generate-cli-skeleton <value>]

Get-role – This will retrieve more information on a specified role name.


--role-name <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

How to create IAM Role in AWS cli

Creating an IAM role in aws via the cli is easy. The command that you will need is create-role.

Detailed information can be found here:


[--path <value>]
--role-name <value>
--assume-role-policy-document <value>
[--description <value>]
[--max-session-duration <value>]
[--permissions-boundary <value>]
[--tags <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

How to delete IAM Role in AWS

You can delete a role in AWS using the console and by navigating to  the roles section under IAM.

You can also delete IAM roles using the CLI. Doing so is straigt forward but you do need ot make sure that nothing that you need is using that role for access. You can follow the instructions here:


How to find IAM Role in AWS

Its in the console under IAM and then ROles.

You can do it quickly if you have cli access with the command list-roles:


Steps to create IAM Role in AWS

How to export IAM Role in AWS

Leave a Comment