Monitor and control actions taken with assumed roles An IAM role is an object in IAM that is assigned permissions . When you assume that role using an IAM identity or an identity from outside of AWS, you receive a session with the permissions that are assigned to the role.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html