Create and Assume Roles in AWS

Libraries: If you want this lab, consider one of these libraries.
Cloud
Security

Create and Assume Roles in AWS

AWS Identity and Access Management (IAM) is a service that allows AWS customers to manage user access and permissions for the accounts and available APIs/services within AWS. IAM can manage users, security credentials (such as API access keys), and allow users to access AWS resources. In this lab, we discover how security policies affect IAM users and groups, and we go further by implementing our own policies while also learning what a role is, how to create a role, and how to assume a role as a different user. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session. By the end of this lab, you will understand IAM policies and roles, and how assuming roles can assist in restricting users to specific AWS resources. AWS Documentation: [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).

Get started Contact sales

Lab Info

Level

Beginner

Last updated

Sep 25, 2025

Duration

45m

Challenge

Create the S3RestrictedPolicy IAM Policy
Perform the following tasks:
1. Create the S3RestrictedPolicy IAM policy. Ensure only the appconfig buckets are accessible.
  
  Select the S3 service and all S3 actions.
  
  Select all resources except bucket.
  
  Add the appconfig bucket names to the policy.
Challenge

Create the IAM Role
Perform the following tasks:
1. Create the S3RestrictedRole IAM role.
  
  Set the trusted entity to AWS account.
  
  Select bullet next to This account:
  
  For permissions, select the S3RestrictedPolicy.
2. Update the S3RestrictedRole trusted entity to the user2 arn value.
Challenge

Test IAM Policy and Role Configuration
Perform the following tasks:
1. Attach the S3RestrictedPolicy to the user1. Then, log in as user1 and test access.
2. Log in as user2, assume the S3RestrictedRole and test access.

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.