Role for Web Identity Provider

There are times when you will need to grant access to resources in your AWS account to users who are not authorized to use AWS credentials; instead, they sign in through a web identity provider such as Facebook, Amazon, and so on, or through any identity provider compatible with OpenID Connect (OIDC). When such users are authenticated by the external web identity provider, they are assigned an IAM role and receive the temporary credentials required to access AWS resources in your AWS account.
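
The link between the external sign-in and the IAM role is the role's trust policy. The following is an added example, not code from the original text: it builds a trust policy that allows `sts:AssumeRoleWithWebIdentity` only for tokens issued by one provider for one registered application (the audience or app ID condition), and it flags trust policies that omit that condition, which would let any user of the provider, not just users of your application, assume the role. The account ID and application ID values are placeholders; the OIDC case generalizes the built-in providers to an IAM OIDC provider ARN.

```python
import json

# Condition keys that pin a web identity role to one registered application
# (the token's audience) at each provider AWS supports natively.
PROVIDER_AUDIENCE_KEY = {
    "www.amazon.com": "www.amazon.com:app_id",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}

def audience_key(provider):
    """Condition key for a built-in provider or an IAM OIDC provider ARN."""
    if provider in PROVIDER_AUDIENCE_KEY:
        return PROVIDER_AUDIENCE_KEY[provider]
    if ":oidc-provider/" in provider:   # arn:aws:iam::<account>:oidc-provider/<host>
        return provider.split(":oidc-provider/", 1)[1] + ":aud"
    raise ValueError("unknown web identity provider: " + provider)

def build_trust_policy(provider, audience):
    """Trust policy letting only tokens for `audience` from `provider` assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {audience_key(provider): audience}},
        }],
    }

def unscoped_statements(policy):
    """Indices of Allow statements that grant AssumeRoleWithWebIdentity to a
    federated principal without any audience/app_id condition."""
    bad = []
    for i, st in enumerate(policy.get("Statement", [])):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "Federated" not in st.get("Principal", {}):
            continue
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*", "*") for a in actions):
            continue
        keys = {k for block in st.get("Condition", {}).values() for k in block}
        if not any(k.endswith((":aud", ":app_id")) for k in keys):
            bad.append(i)
    return bad

if __name__ == "__main__":
    # Placeholder application ID, constructed for this example.
    policy = build_trust_policy("www.amazon.com", "amzn1.application-oa2-client.EXAMPLE")
    print(json.dumps(policy, indent=2))
    print("unscoped statements:", unscoped_statements(policy))
```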

The following figure shows the various options available for creating roles for identity provider access:

Figure 7 - AWS identity provider access roles

Let us also look at the other terms used with reference to IAM roles.