IAM Roles and Instance Profiles

We're finally dealing with the most important part of IAM: Roles.

Here we see how a Role can be "assumed". In this case, we'll create an Instance Profile, which lets the EC2 server "assume" a role and gain it's permissions.

Then our code (which interacts with the AWS API) can assume that role (behind the scenes) and make the API calls that are permitted!

This deals with creating a role, assigning it a policy, and setting the oft-forgotten trust policy.