====== Instance Profile ======

**What it is:** A container used to attach an IAM role to an EC2 instance.

**What it’s for:**
  * Let EC2 securely call AWS services without storing access keys on the instance.

**Key ideas:**
  * EC2 receives temporary credentials via the instance metadata service (IMDS).
  * Best practice: use roles instead of static keys.

**Exam cues:**
  * “EC2 needs access to S3 without keys” → instance profile + role.

**Hard words:**
  * *metadata* /ˈmetəˌdeɪtə/: data about data
  * *credentials* /krəˈdɛnʃəlz/: login information