Control of the access and permissions
Known as AWS STS
15 mins to 36 hours
Similar to a user
Assumed by resources requiring the role
No login credentials
No direct static access keys associated
Allow temporary security credentials
An alternative to credential sharing
No need to define permissions and manage on each entity
Use case: Third-party vendor account access
AWS resource can be launched into roles