Creating roles

AWS provides a plethora of services, and your applications need credentials to access these services. You will need a strategy to distribute and rotate the credentials to your EC2 instances, especially the ones that AWS creates on your behalf, such as Spot instances or instances in Auto Scaling groups. A good security practice is credential scoping - granting access only to the services your application requires. AWS solves this issue via IAM roles.

  1. From the IAM dashboard, click on Roles in the navigation pane and then on the Create role button.
  2. Select the EC2 service and then the use case as shown here, and click on the Next: Permissions button.
  3. Next, we will assign permissions for the selected role. For now, we do not apply any credential scoping: read and write permissions for all AWS services are granted to the role. Permissions can be reassigned to the role even while the EC2 instance is running. Select AmazonEC2FullAccess as the Policy name, so that our EC2 instances have access to all the AWS-provided services, and click on the Next: Review button.
  4. Name the role ec2Instances and provide a brief description in the Role description field. Click on the Create role button.
  5. After the role is created, it should appear in the list of roles.