EC2 Instance

Instance Profile

Application

Role: get-pics

1. AWS admin creates a role that grants read access to the PHOTOS bucket.

2. EC2 instance is launched with the role as its instance profile.

3. App uses the AWS CLI/SDK to acquire temporary credentials for the role.

4. App gets photos using the credentials.

S3 Bucket

PHOTOS
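
The two policy documents behind steps 1 and 2, with a least-privilege check on the permissions policy, as an added example that is not part of the original diagram. The lowercase bucket name `photos` (standing in for PHOTOS) and all function names are assumptions.

```python
import json

BUCKET = "photos"        # assumed name for the diagram's PHOTOS bucket
ROLE_NAME = "get-pics"   # role name from the diagram
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}

def trust_policy():
    """Step 2: lets the EC2 service assume the role via the instance profile."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def read_policy(bucket=BUCKET):
    """Step 1: read-only access scoped to a single bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, bucket=BUCKET):
    """List every Allow that goes beyond read access to `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st["Action"]):
            if action not in READ_ACTIONS:  # strict allow-list, wildcards fail
                findings.append(f"statement {i}: action {action} is not read-only")
        for res in as_list(st["Resource"]):
            if res not in allowed:
                findings.append(f"statement {i}: resource {res} is outside {bucket}")
    return findings

if __name__ == "__main__":
    print(ROLE_NAME, json.dumps(trust_policy(), indent=2))
    print(json.dumps(read_policy(), indent=2), audit(read_policy()))
```

Steps 3 and 4 need no credential handling in the application: the AWS CLI and SDKs pick up the role's temporary credentials from the instance automatically, so no access keys belong in code or config.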