Roles are a type of identity that can be temporarily assumed by multiple AWS users or a variable number of external principals. To configure an IAM role, attach a trust policy that specifies who can assume the role and a permissions policy that specifies what the role can and cannot do.

To assume a role programmatically, use AWS Security Token Service (STS) to generate temporary security credentials that carry the role's permissions (i.e. the sts:AssumeRole permission is needed to assume a role). The AWS web console also provides a UI for switching roles, but only if you have the role name.
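To make the trust policy's role concrete, the following added example (not from the original page) reads a trust policy document and lists which AWS principals it allows to call sts:AssumeRole, separating same-account, external and wildcard principals. The account IDs, user name, external ID and the function names are constructed placeholders, and the evaluation is deliberately simplified as noted in the comments.

```python
# Added example. Account IDs, names and the external ID are constructed placeholders.
HOME_ACCOUNT = "111111111111"
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:user/alice"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
        {"Effect": "Allow", "Action": ["sts:AssumeRole"],
         "Principal": {"AWS": ["333333333333", "*"]}},
    ],
}

def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _scope(principal, home_account):
    """Classify one AWS principal (ARN, bare account ID or "*")."""
    if principal == "*":
        return "wildcard"
    account = principal.split(":")[4] if principal.startswith("arn:") else principal
    return "same-account" if account == home_account else "external"

def who_can_assume(policy, home_account):
    """List (principal, scope, has_condition) for each Allow on sts:AssumeRole.

    Simplified: only "AWS" principals are read (no Service/Federated), and
    action wildcards other than "sts:*" and "*" are not expanded.
    """
    results = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            results.append((arn, _scope(arn, home_account), "Condition" in stmt))
    return results

def needs_review(policy, home_account):
    """Principals outside the home account that are trusted with no Condition."""
    return [arn for arn, scope, cond in who_can_assume(policy, home_account)
            if scope != "same-account" and not cond]
```

A principal returned by needs_review is not necessarily misconfigured; it is a trust relationship that reaches outside the account without any condition and is worth confirming as intended.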