IAM Identities

Users and roles are the foundation of IAM access control. Users represent individual identities, while roles group permissions that can be assumed by users or other Deployport services.

Managing Users

Creating Users

Create a new user in your account:

deployport iam users create <username>

Example:

deployport iam users create john-developer

Note

New users start with no policies attached, meaning they grant no permissions until policies are explicitly assigned. If you need to assign permissions to your newly created user, learn how to create and attach identity policies to grant permissions.

Managing Roles

A role is a collection of permissions that can be assumed by users or services to perform specific tasks. Unlike users, roles are not permanent identities - they provide temporary access to resources based on the policies attached to them. This makes roles ideal for applications, cross-service access, and situations where you need to delegate specific permissions without sharing long-term credentials.

Creating Roles

Create a new role for grouping permissions:

deployport iam roles create <rolename>

Example:

deployport iam roles create developer-access

Note

New roles start with no policies attached, meaning they grant no permissions until policies are explicitly assigned. If you need to assign permissions to your newly created role, learn how to create and attach identity policies to grant permissions.

Assuming Roles

Role assumption allows users to temporarily gain the permissions of a role, providing secure access to resources without permanent credential assignment.

To assume a role and get temporary credentials with that role’s permissions:

deployport iam roles assume <role-name>

Example:

deployport iam roles assume r1

This will output temporary Access Key ID and Secret Access Key that inherit the permissions of the assumed role.

I have role assumption credentials, how can I test or use them?

In the current shell session you could use another profile and configure the credentials:

Linux & Mac

export DEPLOYPORT_PROFILE=temp-role
deployport configure -i <ACCESS_KEY_ID> -k <SECRET_ACCESS_KEY> -r <REGION>

Windows

$env:DEPLOYPORT_PROFILE="temp-role"
deployport configure -i <ACCESS_KEY_ID> -k <SECRET_ACCESS_KEY> -r <REGION>

Replace <ACCESS_KEY_ID> and <SECRET_ACCESS_KEY> with the credentials you received from the role assumption, and <REGION> with your desired region (e.g., us-nyc).

Best Practices

• Users for People: Create individual users for each person who needs access
• Roles for Applications: Use roles for applications, services, and temporary access patterns
• Meaningful Names: Use descriptive names that indicate the user’s role or the role’s purpose
• Regular Review: Periodically review users and roles to ensure they’re still needed

What’s Next?

Learn how to create and attach identity policies to grant permissions to your users and roles.