Body
Overview
You can use roles to allow resources in your account to connect to other resources.
Table of Contents
Permissions in AWS are managed with IAM policies. When you add a user to your account, they will usually have the permissions they need. However, you may need to adjust permissions for resources. You can manage permissions using the IAM service. You can assign IAM policies to roles or directly to resources. Since we are using single sign on, you will not be able to create users and groups in your account.
Roles are usually used to allow resources, such as EC2 instances, the ability to connect to other resources, such as an S3 bucket. By default, resources in AWS cannot communicate with each other. Another use case would be to allow an application running in an EC2 instances access to an API gateway in AWS.
Here are some helpful tutorials from AWS on creating and managing roles.