# EC2 Instance Roles

EC2 Instance roles and Instance Profiles are how applications running on an EC2 instance can be given permissions to access AWS resources on your behalf.

Short Term Temporary credentials are available via the EC2 Instance Metadata and are renewed automatically by the EC2 and STS Services.

<figure><img src="https://1856860631-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsNc001Xcz63mWjGXymkd%2Fuploads%2F2oA8JvTXyP52yHH3RuSG%2Fimage.png?alt=media&#x26;token=26607a43-17ca-4b68-9d48-8936eb7cc3e0" alt=""><figcaption></figcaption></figure>

**Command Line to see the role and the token ID**

```
aws s3 ls

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/A4LInstanceRole
```

{% embed url="<https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-configure-quickstart-precedence>" %}