An IAM Role in AWS is a secure identity with specific permissions that define what actions are allowed or denied. Unlike users, roles are not tied to a single person; instead, they can be assumed by trusted entities such as AWS services, applications, or users. This makes roles useful for granting temporary access, enabling cross-account permissions, and following the principle of least privilege.
Fields
| Title | ID | Type | Data Type | Description |
|---|
| _key | core | string | |
| account_id | core | string | |
| arn | core | string | The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide guide. |
| assume_role_policy_document | core | string | The policy that grants an entity permission to assume the role. |
| attached_policies | core | json | A list of the attached policies. |
| create_date | core | timestamp | The date and time, in ISO 8601 date-time format, when the role was created. |
| description | core | string | A description of the role that you provide. |
| max_session_duration | core | int64 | The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. |
| path | core | string | The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide. |
| permissions_boundary | core | json | The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide. |
| role_id | core | string | The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide. |
| role_last_used | core | json | Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide. |
| role_name | core | string | The friendly name that identifies the role. |
| role_policy | core | json | |
| tags | core | hstore | |
