An IAM role is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.
TL;DR The principal is WHO will be able to access a resource.
The policy is WHAT the principals associated with the role will be able to do.
The role links the principals, declared in its assume_role_policy, to the permissions granted by its inline policy argument. The attachment links the role to managed policies instead of the inline policy.
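The three pieces above as a Terraform configuration. This is an added example, not part of the original page; it assumes the Terraform AWS provider, and the role name, policy name and bucket name are constructed placeholders.

```hcl
# WHO: the trust policy lists the principals allowed to assume the role.
# Here only the EC2 service can assume it.
data "aws_iam_policy_document" "trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# WHAT (inline): permissions scoped to a single action on a single bucket.
data "aws_iam_policy_document" "read_reports" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-reports-bucket/*"] # placeholder bucket
  }
}

# The role ties WHO (assume_role_policy) to WHAT (inline_policy).
resource "aws_iam_role" "report_reader" {
  name               = "example-report-reader" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.trust.json

  inline_policy {
    name   = "read-reports"
    policy = data.aws_iam_policy_document.read_reports.json
  }
}

# WHAT (managed): the attachment links the same role to a managed policy
# by ARN instead of embedding the permissions in the role.
resource "aws_iam_role_policy_attachment" "cloudwatch_read" {
  role       = aws_iam_role.report_reader.name
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"
}
```

When reviewing a role like this, read the trust policy first: a principal that is broader than intended gives every permission on the role to whoever can match it.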