IAM roles allow you to make calls to AWS resources and services without supplying any long-term credentials. They are not associated with any specific user or group; rather, trusted entities assume a role and perform actions, provided the role has the required permissions. Using IAM roles wherever you can is a best practice, as it helps you maintain security. You do not need a process to recycle the credentials; roles take care of recycling them automatically.
Before you can create an IAM role using a PowerShell cmdlet, you must create a trust policy. A trust policy permits AWS services such as EC2 to assume an IAM role on behalf of your application. To create the trust policy, copy the following policy, paste it into a text file, and save it as EC2_Trust_Policy_4_Apps.json. New-IAMRole is the cmdlet used to create a role.
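The steps described above, written out as an added example that is not code from the original page: it saves an EC2 trust policy to EC2_Trust_Policy_4_Apps.json, checks that only the EC2 service is trusted before creating the role, and then reads back what IAM stored. The role name is a hypothetical placeholder, and the script assumes AWS Tools for PowerShell is installed with credentials configured.

```powershell
# Assumes AWS Tools for PowerShell is loaded and credentials/region are configured.
$roleName   = 'Example-EC2-App-Role'   # hypothetical role name (assumption)
$policyPath = Join-Path (Get-Location) 'EC2_Trust_Policy_4_Apps.json'

# Trust policy: only the EC2 service principal may call sts:AssumeRole.
$trustPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
'@
Set-Content -Path $policyPath -Value $trustPolicy -Encoding ascii

# Pre-flight check: refuse to create the role if the file trusts anything
# other than the EC2 service (wildcard, account, or federated principals).
$doc = Get-Content -Path $policyPath -Raw | ConvertFrom-Json
foreach ($stmt in @($doc.Statement)) {
    $p = $stmt.Principal
    if ($p -is [string] -or $p.AWS -or $p.Federated) {
        throw "Unexpected principal in trust policy: $($p | ConvertTo-Json -Compress)"
    }
    $services = @($p.Service)
    if ($services.Count -ne 1 -or $services[0] -ne 'ec2.amazonaws.com') {
        throw "Trust policy must name only ec2.amazonaws.com, found: $($services -join ', ')"
    }
    if (@($stmt.Action) -join ',' -ne 'sts:AssumeRole') {
        throw "Unexpected action in trust policy: $(@($stmt.Action) -join ', ')"
    }
}

# Create the role from the validated policy document.
New-IAMRole -RoleName $roleName `
            -AssumeRolePolicyDocument (Get-Content -Path $policyPath -Raw) | Out-Null

# IAM returns the stored trust policy URL-encoded; decode it to confirm what was saved.
$encoded = (Get-IAMRole -RoleName $roleName).AssumeRolePolicyDocument
[System.Net.WebUtility]::UrlDecode($encoded) | ConvertFrom-Json | ConvertTo-Json -Depth 5
```

The role created this way carries only a trust policy; it grants no access until a permissions policy is attached to it.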
To...