IAM roles provide temporary permissions for an AWS service or user so that they can access another AWS service. An IAM role is an AWS identity with permissions policies. A service or user assumes a role, and then they are provided with temporary credentials for that session. We can use IAM roles to give permissions to users, services, and applications.

In this recipe, we gave S3 access permissions to our EC2 instance. Now, we can execute supported S3 operations (for example, run the s3 ls command from a Terminal) from our EC2 instance without configuring the credentials. An alternative is to configure the AWS credentials inside the EC2 machine, but if anyone breaks into the machine, these credentials will be exposed.