{
	"id": "a46ddb42-5acb-4e33-abe8-5b6c764fe666",
	"created_at": "2026-04-06T00:17:42.905827Z",
	"updated_at": "2026-04-10T03:21:14.126062Z",
	"deleted_at": null,
	"sha1_hash": "65ed5ead87797f63ca864e17498f45d0aeb063a1",
	"title": "Use instance profiles - AWS Identity and Access Management",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 72224,
	"plain_text": "Use instance profiles - AWS Identity and Access Management\r\nArchived: 2026-04-05 16:13:13 UTC\r\nUse an instance profile to pass an IAM role to an EC2 instance. For more information, see IAM roles for Amazon\r\nEC2 in the Amazon EC2 User Guide.\r\nManaging instance profiles (console)\r\nIf you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an\r\ninstance profile and gives it the same name as the role. When you then use the Amazon EC2 console to launch an\r\ninstance with an IAM role, you can select a role to associate with the instance. In the console, the list that's\r\ndisplayed is actually a list of instance profile names. The console does not create an instance profile for a role that\r\nis not associated with Amazon EC2.\r\nYou can use the AWS Management Console to delete IAM roles and instance profiles for Amazon EC2 if the role\r\nand the instance profile have the same name. To learn more about deleting instance profiles, see Delete roles or\r\ninstance profiles.\r\nNote\r\nTo update permissions for an instance, replace its instance profile. We do not recommend removing a role from an\r\ninstance profile, because there is a delay of up to one hour before this change takes effect.\r\nManaging instance profiles (AWS CLI or AWS API)\r\nIf you manage your roles from the AWS CLI or the AWS API, you create roles and instance profiles as separate\r\nactions. Because roles and instance profiles can have different names, you must know the names of your instance\r\nprofiles as well as the names of roles they contain. That way you can choose the correct instance profile when you\r\nlaunch an EC2 instance.\r\nYou can attach tags to your IAM resources, including instance profiles, to identify, organize, and control access to\r\nthem. You can tag instance profiles only when you use the AWS CLI or AWS API.\r\nNote\r\nAn instance profile can contain only one IAM role, although a role can be included in multiple instance profiles.\r\nThis limit of one role per instance profile cannot be increased. You can remove the existing role and then add a\r\ndifferent role to an instance profile. You must then wait for the change to appear across all of AWS because of\r\neventual consistency. To force the change, you must disassociate the instance profile and then associate the\r\ninstance profile, or you can stop your instance and then restart it.\r\nManaging instance profiles (AWS CLI)\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html\r\nPage 1 of 3\n\nYou can use the following AWS CLI commands to work with instance profiles in an AWS account.\r\nCreate an instance profile: aws iam create-instance-profile\r\nTag an instance profile: aws iam tag-instance-profile\r\nList tags for an instance profile: aws iam list-instance-profile-tags\r\nUntag an instance profile: aws iam untag-instance-profile\r\nAdd a role to an instance profile: aws iam add-role-to-instance-profile\r\nList instance profiles: aws iam list-instance-profiles , aws iam list-instance-profiles-for-role\r\nGet information about an instance profile: aws iam get-instance-profile\r\nRemove a role from an instance profile: aws iam remove-role-from-instance-profile\r\nDelete an instance profile: aws iam delete-instance-profile\r\nYou can also attach a role to an already running EC2 instance by using the following commands. For more\r\ninformation, see IAM Roles for Amazon EC2.\r\nAttach an instance profile with a role to a stopped or running EC2 instance: aws ec2 associate-iam-instance-profile\r\nGet information about an instance profile attached to an EC2 instance: aws ec2 describe-iam-instance-profile-associations\r\nDetach an instance profile with a role from a stopped or running EC2 instance: aws ec2 disassociate-iam-instance-profile\r\nManaging instance profiles (AWS API)\r\nYou can call the following AWS API operations to work with instance profiles in an AWS account.\r\nCreate an instance profile: CreateInstanceProfile\r\nTag an instance profile: TagInstanceProfile\r\nList tags on an instance profile: ListInstanceProfileTags\r\nUntag an instance profile: UntagInstanceProfile\r\nAdd a role to an instance profile: AddRoleToInstanceProfile\r\nList instance profiles: ListInstanceProfiles , ListInstanceProfilesForRole\r\nGet information about an instance profile: GetInstanceProfile\r\nRemove a role from an instance profile: RemoveRoleFromInstanceProfile\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html\r\nPage 2 of 3\n\nDelete an instance profile: DeleteInstanceProfile\r\nYou can also attach a role to an already running EC2 instance by calling the following operations. For more\r\ninformation, see IAM Roles for Amazon EC2.\r\nAttach an instance profile with a role to a stopped or running EC2 instance:\r\nAssociateIamInstanceProfile\r\nGet information about an instance profile attached to an EC2 instance:\r\nDescribeIamInstanceProfileAssociations\r\nDetach an instance profile with a role from a stopped or running EC2 instance:\r\nDisassociateIamInstanceProfile\r\nSource: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html\r\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html"
	],
	"report_names": [
		"id_roles_use_switch-role-ec2_instance-profiles.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434662,
	"ts_updated_at": 1775791274,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/65ed5ead87797f63ca864e17498f45d0aeb063a1.pdf",
		"text": "https://archive.orkl.eu/65ed5ead87797f63ca864e17498f45d0aeb063a1.txt",
		"img": "https://archive.orkl.eu/65ed5ead87797f63ca864e17498f45d0aeb063a1.jpg"
	}
}