awsdocs / iam-user-guide

Official documentation source for the AWS Identity and Access Management (IAM) User Guide
MIT No Attribution

Is the permission correctly defined in doc_source/id_roles_use_switch-role-ec2.md ? #196

Closed commjoen closed 4 years ago

commjoen commented 4 years ago

Hello there, Thank you for all the documentation for the IAM service! It has helped us a lot! I just wonder: In doc_source/id_roles_use_switch-role-ec2.md it says:

The `ListInstanceProfiles` action allows users to view all of the roles that are available in the AWS account\.

Is there a reason why ListInstanceProfiles is required instead of ListRoles?

With warm regards.

bonniekeller commented 4 years ago

Thanks so much for the question. Yes, for EC2, roles work a little differently than other services. The instance profile is like a container for the role that is attached to the EC2 instance. Its purpose is to provide the role's temporary credentials to an application that runs on the instance, so you need permissions for the ListInstanceProfiles action to be able to list all of the roles. To learn more, see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html.
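
The container relationship described in the reply above, as an added example that is not part of the thread or of the AWS documentation: it compares what a `ListInstanceProfiles` response exposes with the full `ListRoles` view. The account data, role and profile names, and the helper functions (`trust`, `trusts_ec2`, `audit`) are constructed for illustration; the trust policies are assumed to be already-decoded dicts.

```python
# Constructed sample data in the shape of the IAM ListInstanceProfiles and
# ListRoles responses; role names, profile names and policies are made up.
def trust(service):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": service},
        "Action": "sts:AssumeRole"}]}

ROLES = {"Roles": [
    {"RoleName": "web-app-role", "AssumeRolePolicyDocument": trust("ec2.amazonaws.com")},
    {"RoleName": "batch-role",
     "AssumeRolePolicyDocument": trust(["ec2.amazonaws.com", "ssm.amazonaws.com"])},
    {"RoleName": "lambda-role", "AssumeRolePolicyDocument": trust("lambda.amazonaws.com")},
]}
PROFILES = {"InstanceProfiles": [
    {"InstanceProfileName": "web-profile", "Roles": [ROLES["Roles"][0]]},
    {"InstanceProfileName": "empty-profile", "Roles": []},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def trusts_ec2(policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        # Principal may be the string "*"; only a dict carries a Service key.
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow"
                and "sts:AssumeRole" in as_list(st.get("Action", []))
                and "ec2.amazonaws.com" in services):
            return True
    return False

def audit(profiles, roles):
    """Compare what ListInstanceProfiles exposes with the full ListRoles view."""
    items = profiles["InstanceProfiles"]
    # An instance profile holds at most one role, so Roles[0] is the role.
    attachable = {p["InstanceProfileName"]: p["Roles"][0]["RoleName"]
                  for p in items if p["Roles"]}
    empty = [p["InstanceProfileName"] for p in items if not p["Roles"]]
    wrapped = set(attachable.values())
    # Roles that trust EC2 but sit in no instance profile cannot be attached yet.
    unwrapped = [r["RoleName"] for r in roles["Roles"]
                 if trusts_ec2(r["AssumeRolePolicyDocument"])
                 and r["RoleName"] not in wrapped]
    return {"attachable": attachable, "empty_profiles": empty,
            "ec2_roles_without_profile": unwrapped}

if __name__ == "__main__":
    print(audit(PROFILES, ROLES))
```

Only the roles under `attachable` are reachable through an instance profile, which is why a user who only launches EC2 instances can be granted `iam:ListInstanceProfiles` without the account-wide `iam:ListRoles`.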