
IAM roles for EC2 instances – A secure way to access AWS service APIs


Because cloud infrastructure is dynamic, configurations are complex and resources depend on one another in many ways, it is important to put your security controls in place. AWS EC2 is the elastic compute service, and applications running on its instances need IAM roles with a specific, limited set of permissions to securely access AWS service APIs.

What is an IAM role?

An IAM role is an IAM identity that you can create in your account with specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

IAM roles for EC2 instances

IAM roles allow applications running in your EC2 instances to act on your behalf. You can use the Access Policy Language to specify permissions, just as you would for an IAM user. Unlike a user, however, a role cannot be used to directly call AWS service APIs: a role must be assumed by an entity, in this case an EC2 instance.

Having IAM roles for your EC2 instances helps ensure secure access

When you launch an EC2 instance with an IAM role, temporary AWS security credentials with the specified permissions are securely provisioned to the instance and made available to your application. The Metadata Service makes a new set of temporary security credentials available before the current active credentials expire. This way, valid credentials are always available on the instance.
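The two halves of the mechanism described above, the trust policy that lets the EC2 service (and nothing else) assume the role, and the temporary credential document the Metadata Service hands to the instance, as an added example that is not part of the original article and not AWS code. It assumes the documented layout of the instance metadata credential document (Code, AccessKeyId, SecretAccessKey, Token, Expiration); the key material, token and timestamps below are constructed sample values, not real credentials. The audit function goes slightly beyond the text by flagging trust policies that would let a wildcard or account principal assume an instance role, which is the misconfiguration a reviewer most often looks for.

```python
"""Added example: model an EC2 instance role's trust policy and the temporary
credentials served by the instance metadata service (IMDS).

Assumptions: IMDS credential document fields follow the AWS-documented format.
All sample values are constructed; none are real credentials.
"""
import json
from datetime import datetime, timedelta, timezone

EC2_SERVICE_PRINCIPAL = "ec2.amazonaws.com"


def ec2_trust_policy() -> dict:
    """Trust (assume-role) policy allowing only the EC2 service to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": EC2_SERVICE_PRINCIPAL},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def trust_policy_findings(policy: dict) -> list:
    """Audit a trust policy meant for an instance role.

    Returns one finding per Allow statement whose principal is anything other
    than exactly the EC2 service: a wildcard, an account or user ARN, or a
    different service would let something other than the instance assume it.
    """
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append(f"statement {i}: wildcard principal")
            continue
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: unexpected principal {principal!r}")
            continue
        for kind, value in principal.items():
            for v in (value if isinstance(value, list) else [value]):
                if kind != "Service" or v != EC2_SERVICE_PRINCIPAL:
                    findings.append(f"statement {i}: non-EC2 principal {kind}={v}")
    return findings


def _parse_utc(stamp: str) -> datetime:
    """IMDS timestamps are ISO 8601 in UTC with a trailing 'Z'."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_imds_credentials(document: str) -> dict:
    """Parse the JSON the metadata service returns for the instance's role."""
    data = json.loads(document)
    if data.get("Code") != "Success":
        raise ValueError(f"IMDS returned {data.get('Code')!r}")
    required = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")
    missing = [k for k in required if k not in data]
    if missing:
        raise ValueError(f"credential document missing {missing}")
    return {
        "access_key_id": data["AccessKeyId"],
        "secret_access_key": data["SecretAccessKey"],
        "session_token": data["Token"],
        "expiration": _parse_utc(data["Expiration"]),
    }


def refresh_due(creds: dict, now_utc: str, margin_minutes: int = 15) -> bool:
    """True when cached credentials should be re-read from the metadata service.

    IMDS publishes a fresh set before the current one expires, so an application
    that re-fetches within `margin_minutes` of Expiration never signs requests
    with expired credentials. `now_utc` uses the same 'Z' timestamp format.
    """
    return _parse_utc(now_utc) >= creds["expiration"] - timedelta(minutes=margin_minutes)


# Constructed sample document; the EXAMPLE-style key material mirrors the
# placeholder convention used in AWS documentation and is not a real credential.
SAMPLE_IMDS_DOCUMENT = json.dumps({
    "Code": "Success",
    "LastUpdated": "2024-01-01T10:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Token": "IQoJb3JpZ2luX2VjEXAMPLETOKEN",
    "Expiration": "2024-01-01T16:00:00Z",
})

if __name__ == "__main__":
    creds = parse_imds_credentials(SAMPLE_IMDS_DOCUMENT)
    print("credentials expire at", creds["expiration"].isoformat())
    print("refresh due at 15:50Z:", refresh_due(creds, "2024-01-01T15:50:00Z"))
    print("trust policy findings:", trust_policy_findings(ec2_trust_policy()))
```

In practice the application never handles these fields by hand: the AWS SDKs read the same document from IMDS and refresh it on the schedule shown in `refresh_due`. The value of modelling it is in review, where `trust_policy_findings` gives a quick check that an instance role can only be assumed by the EC2 service and not by an arbitrary principal.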

Know more about IAM roles for EC2 instances.
