Overview
In June of 2012 Amazon AWS introduced Roles with the IAM
(Identity and Access Management) tool.
You can see their blog post and a short video covering its user here http://aws.typepad.com/aws/2012/06/iam-roles-for-ec2-instances-simplified-secure-access-to-aws-service-apis-from-ec2.html
[1]
In a nutshell
1. Create
a Role within IAM
2. Set
that roles policies
3. Create
an EC2 instance with this role assigned to it
(must do at creation cannot do after the fact)
That is it, now your EC2 machine has access to metadata
that allows it to access this role and its permissions. In theory it could work with things like
s3cmd or s3fs but as of this writing I do not think those tools have been
updated to take advantage of this feature.
The Amazon provided SDKs can take advantage of this, so that is what I
will cover here.