Ensure AWS EC2 Instances use IAM Roles to control access
Applications running on EC2 instances frequently access additional AWS services and must be granted permissions to make API calls. The recommended way to grant AWS permissions to EC2-based applications is an IAM role for EC2, because this eliminates the need to distribute and rotate long-term credentials on EC2 instances. When creating IAM roles, associate least-privilege IAM policies that restrict access to the specific API calls the application requires.
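One way to check this control offline, as an added example that is not part of the original page: it flags live instances with no instance profile attached and Allow statements that grant wildcard actions. The instance IDs, account ID, role name and policy contents are constructed sample data in the shape of `aws ec2 describe-instances` output and an IAM policy document; the function names are hypothetical.

```python
# Constructed sample in the shape returned by `aws ec2 describe-instances`.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa1111example", "State": {"Name": "running"},
     "IamInstanceProfile": {
         "Arn": "arn:aws:iam::111122223333:instance-profile/app-role"}},
    {"InstanceId": "i-0bbb2222example", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc3333example", "State": {"Name": "terminated"}},
]}]}

# Constructed role policy: one scoped statement, one over-broad statement.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadAppConfig", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-app-config/*"},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": ["dynamodb:*", "sqs:SendMessage"], "Resource": "*"},
]}


def instances_without_role(response):
    """Return IDs of live instances that have no instance profile attached."""
    missing = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue  # instance is going away; nothing to remediate
            if not inst.get("IamInstanceProfile"):
                missing.append(inst["InstanceId"])
    return missing


def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]


def wildcard_actions(policy):
    """Return (sid, action) pairs for Allow statements granting '*' or 'svc:*'."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:  # Allow + NotAction grants everything else
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, action))
    return findings


if __name__ == "__main__":
    print("No IAM role:", instances_without_role(SAMPLE_INSTANCES))
    print("Wildcard grants:", wildcard_actions(SAMPLE_POLICY))
```

Partial wildcards such as `s3:Get*` are not flagged here and need a review against the API calls the application actually makes.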