AWS IAM Roles - cirelledo-csa/herd GitHub Wiki

AWS IAM roles are identities that you assume in AWS to perform specific functions.

We generally want to encourage the use of roles/policies and avoid the creation of local IAM users. Local IAM users should be centrally managed.


Machine roles

Roles that your app software uses to get programmatic () tasks done.

Roles created for processes should not be assumable by humans.

EC2 instance roles

"Anyone" can create machine roles if the role's trust policy is constrained to the compute that assumes it (for example, the EC2 service for an instance role).
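The two rules above (process roles are not assumable by humans; a machine role is only "constrained by the compute" if its trust policy names just that compute service) can be checked mechanically against a role's trust policy document. The following is an added example, not code from this wiki or the herd project: it parses constructed sample trust policies and reports who may call sts:AssumeRole. The account id and role names in the samples are placeholders, and the set of allowed service principals is an assumption you would tune per role type.

```python
import json
from typing import Any

# Constructed sample trust policies (not taken from the wiki). Account ids are placeholders.
EC2_INSTANCE_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

LAMBDA_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# A "machine" role that is actually assumable by every IAM identity in the account.
HUMAN_ASSUMABLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
    }],
}

# Mixed trust: EC2 plus a human-facing role (placeholder ARN) in a second statement.
MIXED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:role/Dev"}, "Action": ["sts:AssumeRole"]},
    ],
}


def _as_list(value: Any) -> list:
    """IAM lets single values appear bare or in a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _statement_allows_assume(stmt: dict) -> bool:
    """True if an Allow statement grants any sts:AssumeRole* action (or a wildcard)."""
    if stmt.get("Effect") != "Allow":
        return False
    for action in _as_list(stmt.get("Action", [])):
        a = action.lower()
        if a.startswith("sts:assumerole") or a in ("sts:*", "*"):
            return True
    return False


def list_trusted_principals(trust_policy: dict) -> dict:
    """Collect the principals allowed to assume the role, grouped by principal type."""
    found = {"Service": [], "AWS": [], "Federated": [], "Wildcard": [], "Other": []}
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if not _statement_allows_assume(stmt):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare "*" means anyone
            found["Wildcard"].append("*")
            continue
        for ptype, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    found["Wildcard"].append(value)
                elif ptype in found:
                    found[ptype].append(value)
                else:
                    found["Other"].append(f"{ptype}:{value}")
    return found


def is_machine_only(trust_policy: dict, allowed_services=("ec2.amazonaws.com",)) -> bool:
    """A role is 'constrained by the compute' only if every trusted principal is an
    allowed AWS service principal; any AWS account/user/role, federated identity or
    wildcard principal makes it assumable by something other than that compute."""
    found = list_trusted_principals(trust_policy)
    if found["AWS"] or found["Federated"] or found["Wildcard"] or found["Other"]:
        return False
    return bool(found["Service"]) and all(s in allowed_services for s in found["Service"])


if __name__ == "__main__":
    for name, policy in [("ec2-instance", EC2_INSTANCE_ROLE_TRUST), ("lambda", LAMBDA_ROLE_TRUST),
                         ("human-assumable", HUMAN_ASSUMABLE_TRUST), ("mixed", MIXED_TRUST)]:
        print(name, "machine-only:", is_machine_only(policy), json.dumps(list_trusted_principals(policy)))
```

In practice you would feed this the `AssumeRolePolicyDocument` returned for each role by the IAM API and flag any role tagged or named as a process role that is not machine-only; the `allowed_services` tuple is widened per role type (for example to lambda.amazonaws.com for Lambda execution roles).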


AWS Roles

AWS Managed Policies

There are AWS managed policies, including job-function policies, e.g.:

  • AdministratorAccess
  • DatabaseAdministrator
  • SystemAdministrator

These are probably useful as a guide when creating policies for the human roles, including using the AWS managed policies literally for the corresponding human role.


Defined Roles (hybrid of the managed and custom policies, exhibiting least privilege)

  • DBA
  • Security
  • Dev
  • Build Role
  • Production Support Role
  • Operations Role

Do we want to set up a naming convention for when we create a role?