This document summarizes a talk on building AWS partner applications using IAM roles. It discusses using the AssumeRole API to access AWS resources across accounts with temporary credentials instead of long-term access keys. It also covers using an external ID parameter to prevent confused deputy attacks by verifying the account being accessed belongs to the user. The document provides code samples and recommends architectures that use least privilege and isolate privileged instances.