What it is: A container used to attach an IAM role to an EC2 instance.

What it’s for:

• Let EC2 securely call AWS services without storing access keys on the instance.

Key ideas:

• EC2 receives temporary credentials via metadata (IMDS).
• Best practice: use roles instead of static keys.

Exam cues:

• “EC2 needs access to S3 without keys” → instance profile + role.

Hard words:

• *metadata* /ˈmetəˌdeɪtə/: siêu dữ liệu
• *credentials* /krəˈdɛnʃəlz/: thông tin đăng nhập