WKLD.01 Use IAM roles for compute environment permissions
In AWS Identity and Access Management (IAM), a role represents a set of permissions that can be assumed by an IAM user, an AWS service, or a federated identity for a configurable period of time. Using roles removes the need to store or manage long-term credentials, which reduces the chance of unintended use. Assign an IAM role directly to Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Fargate tasks and services, AWS Lambda functions, and other AWS compute services that support IAM roles. Applications that use an AWS SDK and run in these compute environments automatically use the IAM role credentials for authentication.
For instructions on using IAM roles with services, see the following documentation:
- IAM roles for Amazon EC2 in the Amazon EC2 documentation
- IAM roles for tasks in the Amazon Elastic Container Service (Amazon ECS) documentation
- Lambda execution role in the AWS Lambda documentation
- For other AWS compute services, refer to the Security section of the AWS service documentation.
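To check existing workloads against this recommendation, the following added example (not part of the AWS guidance) audits an ECS task definition and a Lambda function configuration for a missing task role and for long-term credentials stored in environment variables. The function names and sample inputs are constructed for illustration; the field names follow the JSON returned by `aws ecs describe-task-definition` and `aws lambda get-function-configuration`.

```python
import re

# Long-term IAM user access key IDs start with "AKIA"; temporary credentials
# issued for an assumed role start with "ASIA" and are not flagged here.
LONG_TERM_KEY = re.compile(r"\bAKIA[A-Z0-9]{16}\b")
STATIC_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}

def env_findings(env):
    """Flag environment variables that carry static AWS credentials."""
    return [f"static credential in environment variable {name}"
            for name, value in env.items()
            if name in STATIC_VARS or LONG_TERM_KEY.search(str(value))]

def audit_ecs_task_definition(td):
    """td: the 'taskDefinition' object from describe-task-definition."""
    findings = [] if td.get("taskRoleArn") else ["no taskRoleArn set"]
    for c in td.get("containerDefinitions", []):
        env = {e["name"]: e.get("value", "") for e in c.get("environment", [])}
        findings += [f"{c['name']}: {f}" for f in env_findings(env)]
    return findings

def audit_lambda_config(cfg):
    """cfg: output of get-function-configuration (a role is always present)."""
    return env_findings(cfg.get("Environment", {}).get("Variables", {}))

# Constructed sample inputs. The key ID is the placeholder used throughout
# AWS documentation; the account ID and role name are made up.
BAD_TASK = {"containerDefinitions": [{"name": "app", "environment": [
    {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
    {"name": "AWS_SECRET_ACCESS_KEY", "value": "example-not-a-real-secret"},
    {"name": "LOG_LEVEL", "value": "info"}]}]}
GOOD_TASK = {"taskRoleArn": "arn:aws:iam::123456789012:role/app-task-role",
             "containerDefinitions": [{"name": "app", "environment": [
                 {"name": "LOG_LEVEL", "value": "info"}]}]}
BAD_LAMBDA = {"Role": "arn:aws:iam::123456789012:role/fn-exec-role",
              "Environment": {"Variables": {"UPLOAD_KEY": "AKIAIOSFODNN7EXAMPLE"}}}

if __name__ == "__main__":
    for label, result in [("bad task", audit_ecs_task_definition(BAD_TASK)),
                          ("good task", audit_ecs_task_definition(GOOD_TASK)),
                          ("bad lambda", audit_lambda_config(BAD_LAMBDA))]:
        print(label, "->", result or "ok")
```

A workload that passes has a role attached and no static keys in its configuration, so the AWS SDK falls through to the role credentials automatically.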