By default your EC2 instance has no access to other services such as S3. But what if you want to access S3 from EC2 ? You could use access keys and secret keys but that’s prone to security issues if the keys get into unauthorized hands. So instead of using access keys and secret keys you can use IAM Roles to assign permissions to your EC2 Instances. With this method you create an IAM role, assign some permissions to it – for example accessing the S3 service – then you can attach this role to the EC2 instance and you have access to S3 from within that instance. Easy!