AWS IAM Makes It Easier to Delegate Permissions to AWS Services with Service-Linked Roles

Posted on: Apr 19, 2017

Today, AWS Identity and Access Management (IAM) added support for service-linked roles, a new type of role that gives you an easier and more secure way to delegate permissions to AWS services. You can start by using service-linked roles with Amazon Lex, a service that enables you to build conversational interfaces in any application using voice and text.

With service-linked roles, AWS automatically defines and sets the delegated permissions depending upon the actions required to manage your AWS resources on your behalf. AWS only allows changes to service-linked roles that ensure the service has the required permissions to manage your resources. This prevents you from making any changes that would leave your AWS resources in an inconsistent state. Service-linked roles also help you meet monitoring and auditing requirements because all actions performed on your behalf by an AWS service using a service-linked role appear in your AWS CloudTrail logs.
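Because every action a service takes through a service-linked role is recorded in CloudTrail, those records can be grouped by role to review what each service did on your behalf. The following is an added example, not code from AWS: the records are constructed, the account ID is a placeholder, and the `aws-service-role/` path and the `AWSServiceRoleForLexBots` name are assumptions about how these roles appear in the `sessionIssuer` ARN.

```python
from collections import defaultdict

# Assumption: service-linked roles sit under this IAM path, followed by the
# owning service principal and the role name.
SLR_MARKER = ":role/aws-service-role/"

def _event(source, name, identity):
    return {"eventSource": source, "eventName": name, "userIdentity": identity}

def _assumed(role_path):
    # Constructed identity block; 111122223333 is a placeholder account ID.
    return {"type": "AssumedRole", "sessionContext": {"sessionIssuer": {
        "type": "Role", "arn": "arn:aws:iam::111122223333:role/" + role_path}}}

# Constructed CloudTrail records, trimmed to the fields used below.
SAMPLE_EVENTS = [
    _event("polly.amazonaws.com", "SynthesizeSpeech",
           _assumed("aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots")),
    _event("s3.amazonaws.com", "PutBucketPolicy", _assumed("ops/DeployRole")),
    _event("iam.amazonaws.com", "CreateUser",
           {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}),
]

def slr_issuer(event):
    """Return (service_principal, role_name) when a service-linked role made the call."""
    ctx = (event.get("userIdentity") or {}).get("sessionContext") or {}
    issuer = ctx.get("sessionIssuer") or {}
    arn = issuer.get("arn", "")
    if issuer.get("type") != "Role" or SLR_MARKER not in arn:
        return None
    parts = arn.split(SLR_MARKER, 1)[1].split("/")
    return tuple(parts) if len(parts) == 2 and all(parts) else None

def summarize(events):
    """Map each service-linked role to the sorted set of API calls it made."""
    calls = defaultdict(set)
    for ev in events:
        role = slr_issuer(ev)
        if role:
            calls[role].add(f'{ev.get("eventSource")}:{ev.get("eventName")}')
    return {role: sorted(seen) for role, seen in calls.items()}

if __name__ == "__main__":
    for (service, role), seen in summarize(SAMPLE_EVENTS).items():
        print(f"{role} ({service}): {', '.join(seen)}")
```

Comparing this summary against the actions you expect each service to need gives a simple baseline for audit reviews.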

To learn which AWS services support service-linked roles, see AWS Services That Work with IAM. To learn more about these new roles, see the service-linked roles documentation and Introducing an Easier Way to Delegate Permissions to AWS Services: Service-Linked Roles.