Diving deeper into our VPC, we are now going to look at ways to enhance the security around our EC2 instances.
IAM EC2 Roles are the recommended way to grant your application access to AWS services.
As an example, let us assume we had a web app running on our web server EC2 instance and it needs to be able to upload assets to S3.
A quick way of satisfying that requirement would be to create a set of IAM access keys and hardcode those into the application or its configuration. This however means that from that moment on it might not be very easy to update those keys unless we perform an app/config deployment. Furthermore, we might for one reason or another end up re-using the same set of keys with other applications.
The security implications are evident: reusing keys increases our exposure if those get compromised and having them hardcoded greatly increases our reaction time (it takes more effort to rotate such keys).
An alternative to the preceding method would be to use...