IAM roles are an integral part of AWS. In the very simplest terms, roles can be assumed to supply a specific set of permissions to someone/something for a temporary amount of time (the default being 1 hour). This someone or something could be a person, an application, an AWS service, another AWS account, or really anything that programmatically accesses AWS.