Using IAM Instance Roles for AWS Resource Access
Restrict Access to Resources with Instance Roles
Understanding instance roles is key to understanding AWS IAM architecture. Recommendation 1.19 of the CIS AWS Foundations Benchmark states that using IAM instance roles for AWS resource access reduces the risks that come with distributing and rotating long-lived credentials that could also be used outside of AWS itself: the role supplies the instance with temporary credentials, so no access keys need to be stored on it. Restricting access to your AWS resources through the policies attached to those instance roles also lets you enforce proper segmentation within your environment.
For more information, visit the AWS documentation on using IAM roles for EC2 instances.
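The audit side of recommendation 1.19 is finding instances that have no instance profile attached, and checking that the role behind a profile is set up correctly (a trust policy that lets the EC2 service assume it, and a permissions policy that is not a blanket wildcard). The following script is an added example, not code from the page or from CIS; it runs offline against a constructed `describe-instances` style response (the real `Reservations[].Instances[].IamInstanceProfile.Arn` layout) and constructed policy documents, so the instance IDs, account number and bucket name are placeholders.

```python
"""Offline audit helpers for CIS AWS Foundations Benchmark 1.19 (instance roles).

Added example, not part of the page or the CIS Benchmark. The input mirrors the
JSON shape of `aws ec2 describe-instances`; all sample data below is constructed
and no AWS calls are made.
"""
import json


def _as_list(value):
    """IAM policy documents allow either a string or a list in most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


# Trust policy letting the EC2 service assume the role (constructed, standard shape).
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Least-privilege permissions policy for the role: read one bucket only (constructed).
SCOPED_PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-config/*",
        }
    ],
}

# Constructed describe-instances response: one instance with a profile, one without,
# and one terminated instance (skipped, since it can no longer call AWS APIs).
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [
        {
            "Instances": [
                {
                    "InstanceId": "i-0aaaaaaaaaaaaaaaa",
                    "State": {"Name": "running"},
                    "IamInstanceProfile": {
                        "Arn": "arn:aws:iam::123456789012:instance-profile/app-role"
                    },
                },
                {"InstanceId": "i-0bbbbbbbbbbbbbbbb", "State": {"Name": "running"}},
            ]
        },
        {"Instances": [{"InstanceId": "i-0cccccccccccccccc", "State": {"Name": "terminated"}}]},
    ]
}


def instances_without_profile(describe_response):
    """Return IDs of non-terminated instances with no IAM instance profile attached.

    Such instances can only reach AWS APIs with credentials someone copied onto
    them by hand, which is exactly what recommendation 1.19 wants to avoid.
    """
    missing = []
    for reservation in describe_response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            if instance.get("State", {}).get("Name") == "terminated":
                continue
            if not instance.get("IamInstanceProfile", {}).get("Arn"):
                missing.append(instance["InstanceId"])
    return missing


def trust_policy_allows_ec2(policy):
    """True if some Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "ec2.amazonaws.com" in services and "sts:AssumeRole" in _as_list(stmt.get("Action")):
            return True
    return False


def wildcard_statements(policy):
    """Indices of Allow statements that grant every action on every resource."""
    hits = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            hits.append(idx)
    return hits


if __name__ == "__main__":
    print("Instances lacking an instance profile:", instances_without_profile(SAMPLE_DESCRIBE_INSTANCES))
    print("Trust policy allows EC2:", trust_policy_allows_ec2(EC2_TRUST_POLICY))
    print("Wildcard statements in permissions policy:", wildcard_statements(SCOPED_PERMISSIONS_POLICY))
    print(json.dumps(EC2_TRUST_POLICY, indent=2))
```

In a real account the `SAMPLE_DESCRIBE_INSTANCES` dict would be replaced by the parsed output of `aws ec2 describe-instances`, and the policy documents by those fetched for the role behind each profile; the checks themselves stay the same. Terminated instances are skipped deliberately, since they can no longer make API calls and would only add noise to the finding list.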
Transcription
Identity and Access Management within AWS is probably one of the most complex architectural understandings when it comes to AWS implementation. One critical concept within the AWS IAM architecture is that of instance roles. Ensuring that your EC2 instances have proper access to their AWS resources is a critical understanding that has to be implemented within your environment. Ensuring that you have restricted access to your resources based on instance policies will allow you to ensure that proper segmentation is in place within your environment.