IAM Roles - GCP vs AWS
An engineer is trying to figure out how cloud computing works
Both GCP and AWS incorporate the concept of the
IAM Role; however, they define the term differently. Let's delve into their respective definitions.
A role is a collection of permissions. Permissions determine what operations are allowed on a resource. When you grant a role to a principal, you grant all the permissions that the role contains.
It means that
Roles do not know about principals (aka end users, service accounts, etc)
To assign (or bind) one or multiple principals to individual roles, we need to use
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it
In AWS, on the other way around,
IAM roles similar to
IAM identity. However, there is a concept that is similar to GCP's role:
IAM policies define permissions for an action regardless of the method that you use to perform the operation.
And we can manage access in AWS by creating policies and attaching them to IAM identities
To conclude, for newcomers transitioning between GCP and AWS, it is important to tread carefully due to the potential confusion that may arise from variances in IAM role concepts.