Is There a Difference between an IAM Role and an IAM Access Key?

Question
Is there a difference between an IAM role and an IAM access key?

Answer
Yes. To summarize this article, IAM users are for humans and IAM roles are for AWS components (such as S3 buckets and EC-2 instances). As a less significant difference, you do not rotate IAM roles (according to this medium.com post).

An access key is like a username; it will need a secret key that is associated with it for authentication.

An IAM role associates a service in AWS (e.g., an EC-2 instance) with authorization to access various other services (e.g., S3 buckets). For typical AWS administration there would be no password associated with an IAM role. An access key would have a secret access key ID that would be needed to authenticate a user (e.g., to run some AWS CLI commands).

To learn about the difference between IAM keys and IAM roles, read this article and see this video.


(IAM keys are AWS access keys. We know this because "[a]ccess keys are long-term credentials for an IAM user or the AWS account root user." (The quote was taken from this Amazon page.)

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Leave a comment

Your email address will not be published. Required fields are marked *