What are IAM roles and policies, and how do you use them to manage access control?

In AWS, IAM roles and IAM policies are core components of identity and access management, helping you control access to resources securely.

IAM Roles:

An IAM role is an AWS identity with specific permissions. Unlike IAM users, roles are not associated with a single person but are assumed by trusted entities, such as AWS services, IAM users, or external users. Roles define what actions are allowed or denied and can be assumed temporarily by authorized entities. For example:

•   An EC2 instance can assume a role to access an S3 bucket.
  
•   A Lambda function can assume a role to interact with DynamoDB.
  

IAM Policies:

An IAM policy is a document that defines permissions (which actions are allowed or denied) on AWS resources. Policies are written in JSON format and can be attached to IAM users, groups, or roles. There are two types of policies:

•   Managed Policies: These are pre-built policies provided by AWS, such as "AdministratorAccess" or "ReadOnlyAccess."
  
•   Inline Policies: Custom policies that are directly embedded into a user, group, or role.
  

Managing Access Control with IAM Roles and Policies:

To manage access control in AWS:

  1. Attach Policies to Roles: Assign specific IAM policies to roles that define what actions a role can perform on resources.

  2. Grant Permissions to Users/Services: Users or services can assume roles to access AWS resources according to the permissions defined in the role’s policies.

  3. Use Least Privilege: Always follow the principle of least privilege by granting only the necessary permissions required to perform tasks.

By using IAM roles and policies together, you can fine-tune access control, ensuring that only authorized entities have the right level of access to your AWS resources, thus enhancing security.