Policy : Policy define permission of aws identity(users, group, roles) or resource within the aws account. Policy ensure that only the authorized usrs have access to specific asstes. Permissions defined within a policy either allow or deny access for the user to perform an action on a specific resource.
A policy can be identity based or resuorce based. Identity-based policies are attached to an identity (a user, group, or role) and ensure the permissions of that specific identity. On the other hand a resource-based policy defines the permissions around the specific resource—by specifying which identities have access to a specific resource and when.
Role : Role are designed so that a set of permissions can easily be assign to users on an individual basis. For example, instead of assigning an individual all their necessary permissions one at a time, they can be assigned a specific role that contains all the necessary permissions in a single step.