What is an IAM role? Why is it required?

An IAM (Identity and Access Management) role is an AWS identity that defines a set of permissions for making AWS service requests. Unlike a user, a role has no long‑term credentials; instead, it is assumed by trusted entities such as IAM users, EC2 instances, Lambda functions, or external services. Roles enable fine‑grained, temporary access to resources, improving security by following the principle of least privilege. For example, an EC2 instance can assume a role that allows it to read from a specific S3 bucket, eliminating the need to embed long‑term keys in the instance. Roles also support cross‑account access, allowing resources in one AWS account to securely interact with resources in another.