An IAM role is a cloud identity that grants permissions without using long-lived static keys. Instead of being tied to a single person or machine, a role can be assumed by a user, service, workload, or automation task to receive temporary credentials. This makes roles a common way to enforce least privilege in AWS and other cloud systems.
IAM roles matter because stolen static keys can be reused for a long time, while role-based access is typically shorter lived and easier to rotate or revoke. In attacks, adversaries may try to steal credentials that can assume a role, then use the resulting permissions to reach storage, deployment tools, or clusters. In defense, teams limit each role's permission scope, restrict each role's trust policy to the principals that genuinely need to assume it, and monitor role-assumption events for unusual activity.
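The two defensive controls above, a tight trust policy and monitoring of role-assumption events, can be checked mechanically. The following is an added example, not code from the original page: it lints a trust policy document for a wildcard principal, a whole-account trust without conditions, or a missing Condition block (showing a weak policy beside a hardened one), and then scans a handful of records shaped like CloudTrail `AssumeRole` entries for denied attempts, callers the trust policy does not name, and assumptions from outside an expected source range. All ARNs, account IDs, IP addresses, the external ID value and the event records are constructed placeholders.

```python
"""Trust-policy lint and AssumeRole monitoring, as an added example.

Nothing here calls AWS; the policy documents and CloudTrail-style events are
constructed inline so the script runs offline.
"""
import ipaddress
from typing import Any, Dict, List, Set

ROLE_ARN = "arn:aws:iam::111111111111:role/ci-deployer"              # constructed
TRUSTED_CALLER = "arn:aws:iam::111111111111:role/github-oidc-runner"  # constructed
EXPECTED_SOURCE = ipaddress.ip_network("203.0.113.0/24")              # constructed (TEST-NET-3)

# Weak setting: any AWS principal may assume the role and nothing narrows it.
WEAK_TRUST_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": "sts:AssumeRole"}],
}

# Hardened setting: one named caller, plus a condition the caller must satisfy.
HARDENED_TRUST_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": TRUSTED_CALLER},
                   "Action": "sts:AssumeRole",
                   "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}],
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(stmt: Dict[str, Any]) -> List[str]:
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    found: List[str] = []
    if isinstance(principal, dict):
        for value in principal.values():
            found.extend(_as_list(value))
    return found


def lint_trust_policy(policy: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for weak Allow statements."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for p in _principals(stmt):
            if p == "*":
                findings.append(f"statement {i}: wildcard principal lets any AWS principal assume the role")
            elif p.endswith(":root") and "Condition" not in stmt:
                findings.append(f"statement {i}: trusts an entire account ({p}) with no Condition")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith("*"):
                findings.append(f"statement {i}: wildcard action {action}")
        if "Condition" not in stmt:
            findings.append(f"statement {i}: no Condition narrowing who may assume the role")
    return findings


def allowed_principals(policy: Dict[str, Any]) -> Set[str]:
    """Principals the trust policy permits; '*' means anyone."""
    allowed: Set[str] = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            allowed.update(_principals(stmt))
    return allowed


# Constructed records with the fields a CloudTrail AssumeRole event carries.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"eventName": "AssumeRole", "userIdentity": {"arn": TRUSTED_CALLER},
     "requestParameters": {"roleArn": ROLE_ARN}, "sourceIPAddress": "203.0.113.10"},
    {"eventName": "AssumeRole", "userIdentity": {"arn": TRUSTED_CALLER},
     "requestParameters": {"roleArn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7"},
    {"eventName": "AssumeRole", "userIdentity": {"arn": "arn:aws:iam::222222222222:user/contractor"},
     "requestParameters": {"roleArn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied"},
    {"eventName": "GetCallerIdentity", "userIdentity": {"arn": TRUSTED_CALLER},
     "sourceIPAddress": "203.0.113.10"},
]


def flag_role_assumptions(events: List[Dict[str, Any]], role_arn: str,
                          policy: Dict[str, Any],
                          expected_source: ipaddress.IPv4Network) -> List[str]:
    """Alert on denied attempts, untrusted callers and unexpected source IPs."""
    trusted = allowed_principals(policy)
    alerts: List[str] = []
    for ev in events:
        if ev.get("eventName") != "AssumeRole":
            continue
        if ev.get("requestParameters", {}).get("roleArn") != role_arn:
            continue
        caller = ev.get("userIdentity", {}).get("arn", "unknown")
        src = ev.get("sourceIPAddress", "")
        if ev.get("errorCode"):
            alerts.append(f"denied AssumeRole attempt by {caller} from {src} ({ev['errorCode']})")
            continue
        if "*" not in trusted and caller not in trusted:
            alerts.append(f"successful AssumeRole by untrusted principal {caller}")
        try:
            in_range = ipaddress.ip_address(src) in expected_source
        except ValueError:
            in_range = False  # CloudTrail may record a service name instead of an IP
        if not in_range:
            alerts.append(f"AssumeRole by {caller} from unexpected source {src}")
    return alerts


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY)):
        print(f"{name}: {lint_trust_policy(pol) or ['no findings']}")
    for alert in flag_role_assumptions(SAMPLE_EVENTS, ROLE_ARN, HARDENED_TRUST_POLICY, EXPECTED_SOURCE):
        print("ALERT:", alert)
```

Run against the constructed data, the weak policy yields two findings and the hardened one none; the event scan raises one alert for the denied attempt by the unnamed contractor principal and one for the trusted caller assuming the role from outside the expected range. In practice the source-IP check is only meaningful for roles assumed from fixed infrastructure; for roles assumed by AWS services the event carries a service name rather than an address, which the `except ValueError` branch treats as out of range so it surfaces for review rather than being silently accepted.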