IAM role
An IAM role is an AWS identity. Every IAM role has its own permission policy that defines what that role can do and what it cannot do. It is like an IAM user without a password or an access key and a secret key. An IAM policy can be associated with an IAM user or group, whereas an IAM role cannot be associated with a user or a group. It can be assumed by a user, application, or service to delegate access to an AWS resource within the same or another account. It dynamically generates a temporary access key and secret key, which can be assumed by an entity for authentication. Once a role is assumed, an entity can make API calls to AWS services permitted to the role assumed by the entity.
For example, a role can be assigned to an EC2 instance with permission to access DynamoDB and RDS databases. An application hosted on the EC2 can assume the role and make API calls to access DynamoDB or databases on RDS.
Similarly, if you want to allow your web or mobile application to access AWS resources...
