Mastering AWS Security

AWS service role

There are scenarios where an AWS service such as Amazon EC2 needs to perform actions on your behalf. For example, an EC2 instance may need to access S3 buckets to upload files, so we create an AWS service role for the EC2 service and assign this role to the EC2 instance. When creating this service role, we define all the permissions the AWS service requires to access other AWS resources and perform its actions.
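The two policy documents behind such a role, as an added example that is not from the book: a trust policy that lets only the EC2 service assume the role, and a permissions policy limited to uploads into one bucket. The bucket name `example-upload-bucket`, the `logs/` prefix, and the helper function names are assumptions made for illustration, and `BROAD_POLICY` is a constructed over-permissive policy used only for comparison.

```python
import json

def ec2_trust_policy():
    """Trust policy: only the EC2 service may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def s3_upload_policy(bucket, prefix=""):
    """Permissions policy: upload objects to one bucket (optionally one prefix)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        }],
    }

# Constructed over-permissive policy: every S3 action on every resource.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def overbroad_statements(policy):
    """Return Allow statements that grant wildcard actions or all resources."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            findings.append(stmt)
    return findings

if __name__ == "__main__":
    # "example-upload-bucket" and "logs/" are placeholder values.
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(s3_upload_policy("example-upload-bucket", "logs/"), indent=2))
    print(len(overbroad_statements(BROAD_POLICY)), "over-broad statement(s)")
```

The trust policy is what IAM takes as the role's assume-role policy document at creation time; the permissions policy is attached to the role afterward.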

The following figure shows various AWS service roles available in IAM:

Figure 4 - AWS Service Role types