Really liked the way you have explained the topic with hands-on and very crisp description .Thank you

This was a great tutorial. I now understand how to assume roles better. Thank you

Great work Rahul! Assume Role: Allow entities in other AWS accounts belonging to you or a 3rd party to perform actions in the this account. Best practice when a third party will assume this role.

What is the difference? Normally you would attach policies in the iam user and now you are saying assumerole. How is this beneficial? People keep saying temporary credentials but no proper example. Take a usecase like onprem Jenkins deploying code to ec2 instance or webapi calling lambda.

Thank you Rahul! Great content! It really helped me a lot, I have gone through your Terraform videos also. I wish you good luck and keep educating us.

Excellent tutorial. Thanks for the detailed explanation. However, we can add that it's not just users who can assume on a role, we also have aws services, applications etc.

this is best explanation to create assume roles

Thanks for such nice video, also when we create a Iam role. In that we can edit the trust relationship and add multiple user's arn in list. Which will be more easy to give the assume role permission to multiple users at once.

hi Rahul,these tutorials helped me a lot ,please make a dedicated video on control Tower as its trending right now and we also got a project to migrate the existing accounts to control tower,you video will help me a lot,thanks in advance

Excellent explanation, though I am a bit confused, rather might I say, trying to understand what would be the best case, real time scenario where STS: Assume Role can be implemented?

Excellent. It answered a critical question fir me, around the type of role. I find the account definition to be a bit misdirecting.

Hey Rahul, For a small organization setup, no need to have 2 separate policies (resource policy & Trust Policy) We can give resource ARN (of who needs to assume this role) in the role trust relationship tab itself like below. Please share your comments.. In your video though & by default, Principal is AWS account. { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::XXX:user/test-user" }, "Action": "sts:AssumeRole", "Condition": {} } ] }

Role is a container for a set of policies, and can be thought of as a phantom user. When you assumeRole, you become that phantom user to gain access to several different policies at once.

perfect tutorial for assume role...thanks!!!

useful thanks this was a great tutorial for understand how to assume roles

its a tricky concept , but you explained it very easily . Appreciate your great work and good luck

Thanks. 1) Roles can have Policies but here Policy was referring Roles (role arn). 2) To achieve this need, user-id can be directly added S3-Full-Access policy also right?

Nice explanation!

Very well explained. Thank you

Super Brother nice and calm explanation.

Great explanation sir....make some videos on small projects sir... that was helpful for us...THANK YOU

Thank you Sir. Please keep uploading these. ❣

hello , do you have any videos explaining injectedidentity concept for provider configs

Hi Rahul, Nice tutorial, How we can transfer data between Amazon S3 buckets using AWS Transfer Family

I am aws solution architect professional certified, still refreshing my knowledge seeing ur videos😂

underrated content!

You're the best 👍 💯 ♠

Rahul, please what is the difference between this and the Part 1 video. For me it looks the same, but this one is a long process

Why to use that sign in link of the IAM role again after we created a inline-policy for the IAM user(test-user) where we have given the action to assume the IAM role(S3-Full-access-role). what's the significance of inline-policy then?

VERY GOOD SIR

Really nice content. Sir you have a soothing voice.

Awesome.... was searching this content. Thank You

can we attache policy directly to IMA User without role

Content is good but the example given here is slightly confusing. In this example, you have created a user which inline policy calls the role. It is policy attached to the Role where the actual instructions are given to grant the access to the S3. Although this has worked but it is complex use. On the other hand the same can be achieved without uaing Role also. Here is how: Go to user & inline policy in it. In this policy you mark "Effect: Allow" , "Action:s3.*", "Resource:*" Thats it. Your user can now able to access the S3. No need to assume any Role or switch the URL etc.

how to use this role using sdk in java?

Sir, What is the difference between root user and management account?

Thank you for the tutorial ! :)

Why we need aws role if we already have IAM policies.... root account can attache s3 policy for test user or if the test user is the root user than it have already all access....

It will be great if you can add in how to perform these in the CLI.

Sir a doubt, that means roles can be assumed for a single time or upto a time limit but policies will be permanent? Is my understanding right ?

You are the best.

I was invited to entry a organization company in AWS, create my account, accept the invitation. But when i log in i dont see any service of the organization, just of my own account. How can i switch to see the services of the company?

I hope you have something on cloudformation

I ain't able to switch accounts in the test account.. "Invalid information in one or more fields Check your information or contact your administrator." This is what it threw..can you help me out?

very informative

This is awesome 🎉

nice once can you create s3 cross region with 2 account

Really Awesome... :)

Thank you.

Thanks

😢help here, root user can't create user because no identity based policy

could you please put Video to deploy databricks14 day free trail in AWS , it will be more useful to me and also Subscribers , Thank you.

amazing. thank you so much :)