EC2 Instance
Instance Profile
Application
Role: get-pics
1. AWS Admin creates role that grants read access to PHOTOS bucket
2. EC2 instance launched with the role as instance profile.
3. App uses AWS CLI/SDK to acquire temporary credentials for role
4. App gets photos using credentials
S3 Bucket
PHOTOS