Few years back this feature was not available in AWS .Once instance launched with particular role you can not replace . Need to launch the instance with required role .This is really challenge task in real time scenario
Now Amazon enabled this beautiful features . So you can attache or replace the role to instance anytime even in EC2 instance running state also. So instance can get additional required permission . It will reduce the administrative task to maintain the credentials.
The below steps shows how easliy can update the role to EC2 instance.
The instance shown below does not have any role attached during instance launch.
Now for example we can take the scenario EC2 instance OS logs need to send specific S3 bucket . So we are not going to use any user credentials to do this . We are going to achieve through role.
Now Click “Actions–> Instance Settings –> Attach replace role
Select the IAM role “S3 Full Access” from the drop down list and click Apply
When you start the instance it will show role attached. Bythis way you can attache role to instance even in stopped or running state also. Remember at a time only one role can attach to instance
Now Ec2 instance can access the bucket and send the logs.