Next, we have roles that can be assumed by a user in either the same or a different AWS account. When a user assumes a role, their current set of permissions associated with their user identity is temporarily replaced with the permissions associated with the role. To assume a role, the identity needs to have the relevant permissions to do so; without these configured permissions, accessing the role is not possible. These permissions can be associated with a group or with the user identity themselves.
The role can be assumed either through the Management Console or programmatically via the AWS Command-Line Interface (CLI). If the user switches to the role from within the Management Console, then the identity can only do so for 1 hour. If the role was assumed programmatically using the assume-role command on the CLI or the AssumeRole API operation, then the role can be assumed for a minimum of 15 minutes or up to 1 hour by using the duration-seconds parameter on the...