Effective IAM for AWS
Appendix - IAM roles quickstart
This table details the common people IAM roles defined in Create IAM principals and provision access. Consider creating these roles in your AWS accounts to support common needs:
Role Name | Type | Description | Present in Account(s) |
---|---|---|---|
admin | Person | Used to perform emergency operational tasks and initial account configuration activities manually: | All accounts |
security | Person | Used by security engineers to inspect, build, and manage security policies and security-related infrastructure. | All accounts |
operations | Person | Used to perform common operational tasks in an account manually, such as: | Runtime, Shared Services, Delivery |
network-eng | Person | Used by network engineers to inspect, build, and manage network infrastructure, network security policies, and logs. | Runtime, Shared Services, Delivery |
database-eng | Person | Used by database engineers and administrators to inspect, build, and manage datastores. | Runtime, Shared Services, Delivery |
cloud-eng | Person | Used by platform engineers to build and manage the common infrastructure that applications deploy onto or into. | Runtime, Shared Services, Delivery |
release | Person | Used by release (build, cm) engineers to build and manage delivery pipelines. | Runtime, Delivery |
observability | Person | Used by observability engineers to build and manage monitoring and logging systems that collect telemetry from AWS accounts, systems, and applications. | All accounts |
cost-mgmt | Person | Used by accounting or finance teams to investigate AWS expenditure. | Management account |
app-eng | Person | Used by application engineers (developers) to build and manage applications used by either external or internal customers. | Runtime |