1
00:00:00,090 --> 00:00:01,740
So we have to talk about

2
00:00:01,740 --> 00:00:03,660
the last component of IAM,

3
00:00:03,660 --> 00:00:05,400
which is called IAM Roles.

4
00:00:05,400 --> 00:00:07,850
So some AWS services that we'll be launching

5
00:00:07,850 --> 00:00:10,500
throughout this course will need to perform actions

6
00:00:10,500 --> 00:00:13,950
on our behalf, on our account, okay?

7
00:00:13,950 --> 00:00:15,710
And for this to do these actions,

8
00:00:15,710 --> 00:00:16,543
they're just like users,

9
00:00:16,543 --> 00:00:18,620
they will need some kind of permissions.

10
00:00:18,620 --> 00:00:21,710
So we need to assign permissions to AWS services

11
00:00:21,710 --> 00:00:22,543
and to do so,

12
00:00:22,543 --> 00:00:25,030
we're going to create what's called an IAM Role.

13
00:00:25,030 --> 00:00:28,360
So these IAM role will be just like a user,

14
00:00:28,360 --> 00:00:32,310
but they are intended to be used not by physical people,

15
00:00:32,310 --> 00:00:35,720
but instead they will be used by AWS services.

16
00:00:35,720 --> 00:00:36,553
So what does that mean?

17
00:00:36,553 --> 00:00:37,620
It's a bit confusing.

18
00:00:37,620 --> 00:00:38,720
So for example,

19
00:00:38,720 --> 00:00:40,950
we are going to create throughout this course,

20
00:00:40,950 --> 00:00:42,710
an EC2 Instance.

21
00:00:42,710 --> 00:00:45,640
An EC2 Instance is just like a virtual server,

22
00:00:45,640 --> 00:00:48,080
and we'll see this in the next section.

23
00:00:48,080 --> 00:00:50,480
But so this EC2 Instance may want to

24
00:00:50,480 --> 00:00:53,870
perform some actions on AWS and to do so,

25
00:00:53,870 --> 00:00:57,250
we need to give permissions to our EC2 Instance.

26
00:00:57,250 --> 00:01:00,130
To do so, we're going to create an IAM Role and together

27
00:01:00,130 --> 00:01:02,110
they're going to make one entity.

28
00:01:02,110 --> 00:01:05,190
And together, once the EC2 Instance is trying

29
00:01:05,190 --> 00:01:08,650
to access some information from AWS,

30
00:01:08,650 --> 00:01:10,560
then it will use the IAM Role.

31
00:01:10,560 --> 00:01:14,090
And if the permission assigned to the IAM Role is correct,

32
00:01:14,090 --> 00:01:16,010
then we're going to get access to the call

33
00:01:16,010 --> 00:01:17,410
we're trying to make.

34
00:01:17,410 --> 00:01:19,260
So some common roles include

35
00:01:19,260 --> 00:01:21,870
what I just showed you, EC2 Instance roles,

36
00:01:21,870 --> 00:01:24,640
but also other things that perform actions against AWS

37
00:01:24,640 --> 00:01:25,600
we'll see in this course.

38
00:01:25,600 --> 00:01:28,560
For example, Lambda Function Roles or CloudFormation.

39
00:01:28,560 --> 00:01:30,530
So I know this is a high level of review.

40
00:01:30,530 --> 00:01:32,420
In the next lecture we'll be creating a role,

41
00:01:32,420 --> 00:01:35,570
but we won't be using it yet until the next section,

42
00:01:35,570 --> 00:01:37,100
but let's go ahead and create a role.

43
00:01:37,100 --> 00:01:38,850
I will see you in the next lecture.