AWS Identity and Access Management
User Guide

Using Instance Profiles

An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

Managing Instance Profiles using the AWS Management Console

If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role. When you then use the Amazon EC2 console to launch an instance with an IAM role, you can select a role to associate with the instance. In the console, the list that's displayed is actually a list of instance profile names. The console does not create an instance profile for a role that is not associated with Amazon EC2.

Managing Instance Profiles using the AWS CLI, Tools for Windows PowerShell, and AWS API

If you manage your roles from the AWS CLI, Tools for Windows PowerShell, or the AWS API, you create roles and instance profiles as separate actions. You can give the roles and instance profiles different names, so you have to know the names of your instance profiles as well as the names of roles they contain so that you can choose the correct instance profile when you launch an EC2 instance.


An instance profile can contain only one IAM role. However, a role can be included in multiple instance profiles.

You can use the following commands to work with instance profiles in an AWS account.

Create an instance profile

Add a role to an instance profile

List instance profiles

Get information about an instance profile

Remove a role from an instance profile

Delete an instance profile