I am trying to access SQS from a Spring Boot app running on an EC2 instance. Both the consumer and the SQS queue will be on the same AWS account. I was told that I should add an instance profile to the EC2 instance to access SQS. What is the difference between a role and an instance profile in this case? Wouldn't a role with an appropriate policy be sufficient?
An Instance Profile is a container for a single IAM Role.
A typical convention is to create an IAM Role and an Instance Profile of the same name for clarity.
An EC2 Instance cannot be assigned a Role directly, but it can be assigned an Instance Profile which contains a Role.
The benefit of using an Instance Profile is that you don't need to manage an AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Your application no longer needs to worry about how to securely store and access that information.
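The role-inside-a-profile relationship described in the answer above, as an added AWS CLI example that is not part of the original answer. The role/profile name, queue ARN, account id, instance id and the exact set of SQS actions are constructed assumptions; adjust the actions to what your client library actually calls.

```shell
# Added example: every name, ARN and id below is a constructed placeholder.
ROLE_NAME="sqs-consumer"          # hypothetical; reused as the profile name
QUEUE_ARN="arn:aws:sqs:us-east-1:111122223333:example-queue"
INSTANCE_ID="i-0123456789abcdef0"

# Trust policy: who may assume the role (here, the EC2 service).
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Permissions policy: consumer actions only, on the one queue only.
sqs_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueUrl", "sqs:GetQueueAttributes"],
    "Resource": "$QUEUE_ARN"
  }]
}
EOF
}

provision() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name sqs-consume --policy-document "$(sqs_policy)"
  # The instance profile is the container; the role goes inside it.
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
  # EC2 is handed the profile, never the role directly.
  aws ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
    --iam-instance-profile "Name=$ROLE_NAME"
}

# Calls AWS only when explicitly asked to, e.g. APPLY=1 sh this-file.sh
if [ "${APPLY:-0}" = "1" ]; then provision; fi
```

Once the profile is attached, the AWS SDK's default credential provider chain obtains temporary credentials for the role from the instance metadata service, so the application configures no access keys at all.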