IAM Instance Profile

aws/iam aws/security aws/concept

💡 Definition

An IAM Instance Profile is a container for an IAM Role that you can use to pass role information to an EC2 instance when the instance starts. It allows applications running on the EC2 instance to obtain temporary credentials to access other AWS services.

🔑 Key Concepts

⚙️ How it Works

  1. Create an IAM Role: Create a role that grants the desired permissions (e.g., s3:PutObject) and set the trusted entity to be the EC2 service (ec2.amazonaws.com).
  2. Create an Instance Profile: Create the instance profile and attach the role to it. (Note: When using the AWS Management Console, this step is often done automatically when you create the role for EC2.)
  3. Attach to EC2: Associate the instance profile with the EC2 instance at launch time.
  4. Application Access: Your application code, using the AWS SDK, will automatically search for and use the credentials provided by the instance profile.
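
The four steps above as boto3 calls. This is an added example, not code from the original note; the role, policy, bucket and AMI names are placeholders, and `provision` and `put_report` are hypothetical helper names.

```python
import json

# Step 1a: trust policy - only the EC2 service may assume the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

def permissions_policy(bucket):
    """Step 1b: grant s3:PutObject on one bucket's objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": "s3:PutObject",
                       "Resource": f"arn:aws:s3:::{bucket}/*"}],
    }

def provision(iam, ec2, name, bucket, ami_id, instance_type="t3.micro"):
    """Run steps 1-3 with boto3 IAM/EC2 clients; return the new instance id."""
    iam.create_role(RoleName=name,
                    AssumeRolePolicyDocument=json.dumps(TRUST_POLICY))
    iam.put_role_policy(RoleName=name, PolicyName=f"{name}-s3-put",
                        PolicyDocument=json.dumps(permissions_policy(bucket)))
    # Step 2: the profile is a separate IAM object that holds the role.
    iam.create_instance_profile(InstanceProfileName=name)
    iam.add_role_to_instance_profile(InstanceProfileName=name, RoleName=name)
    # Wait until IAM reports the new profile before referencing it.
    iam.get_waiter("instance_profile_exists").wait(InstanceProfileName=name)
    # Step 3: associate the profile with the instance at launch.
    resp = ec2.run_instances(ImageId=ami_id, InstanceType=instance_type,
                             MinCount=1, MaxCount=1,
                             IamInstanceProfile={"Name": name})
    return resp["Instances"][0]["InstanceId"]

def put_report(s3, bucket, key, body):
    """Step 4: on the instance, s3 is boto3.client("s3") built with no keys;
    the SDK picks up the role's temporary credentials by itself."""
    s3.put_object(Bucket=bucket, Key=key, Body=body)

if __name__ == "__main__":
    import boto3  # needs credentials allowed to manage IAM and launch EC2
    # Placeholder names below; replace them before running.
    print(provision(boto3.client("iam"), boto3.client("ec2"),
                    "example-app-role", "example-bucket", "ami-REPLACE_ME"))
```

Scoping the `Resource` to a single bucket keeps the role aligned with the Principle of Least Privilege listed under See Also.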

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:

  * IAM Role
  * EC2
  * Principle of Least Privilege