AWS IAM role gives an extra layer of security by managing and rotating the keys themselves. Keys are encrypted credentials known as access key and secret key.

Access key example is as follows:

aws iam create-role --role-name myTestKey --assume-role-policy-document file://myTestKeyPolicy.json --description "Role for testing access from EC2 to S3 and Route 53"

A policy is JSON document consist of permission delegated from one AWS service to another AWS service. The default permission of an IAM role is all deny (by default blocks all the requests to any service until specified explicitly). Sample policy is for creating and managing an EC2 instance, S3 bucket, and Route 53.

Sample policy (save the following text as myTestKeyPolicy.json ...