If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role. When you then use the Amazon EC2 console to launch an instance with an IAM role, you can select a role to associate with the instance. In the console, the list that's displayed is actually a list of instance profile names. The console does not create an instance profile for a role that is not associated with Amazon EC2. You can attach tags to your IAM resources, including instance profiles, to identify, organize, and control access to them.
An instance profile needs to be attached to EC2 instances that are internet-facing. If you manage your roles from the AWS CLI or the AWS API, you create roles and instance profiles as separate actions. Because roles and instance profiles can have different names, you must know the names of your instance profiles as well as the names of the roles they contain. That way you can choose the correct instance profile when you launch an EC2 instance.
Amazon EC2 uses an instance profile as a container for an IAM role. To grant users permission to launch instances with an IAM role, or to attach or replace an IAM role for an existing instance using the Amazon EC2 console, you must grant them permission to use ec2:ReplaceIamInstanceProfileAssociation in addition to any other permissions they might need.
By default, the EC2 instance profile is disabled.
To determine whether an instance profile is to be attached to your EC2 instances, perform the following:
Using AWS CLI:
If you haven't already created an instance profile, run the following AWS CLI command:
aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME
Run the following AWS CLI command to add the role to the instance profile:
aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME
Run the following AWS CLI command to attach the instance profile to the EC2 instance:
aws ec2 associate-iam-instance-profile --iam-instance-profile Name=EXAMPLEPROFILENAME --instance-id i-012345678910abcde
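The commands above attach a profile to one instance. To find which instances still need one, the following Python script (an added example, not part of the original page or of AWS's tooling) reads saved output of aws ec2 describe-instances --output json and lists instances that have a public IP but no instance profile. Treating a public IP as "internet-facing" is an assumption, and the function names and sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances --output json`
# (trimmed to the fields used here; IDs, IPs and account number are made up).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "running"},
   "PublicIpAddress": "203.0.113.10"},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "State": {"Name": "running"},
   "PublicIpAddress": "203.0.113.11",
   "IamInstanceProfile": {
     "Arn": "arn:aws:iam::111122223333:instance-profile/app/EXAMPLEPROFILENAME",
     "Id": "AIPAEXAMPLEEXAMPLE"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa3", "State": {"Name": "running"},
   "PrivateIpAddress": "10.0.1.7"},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa4", "State": {"Name": "terminated"}}
]}]}
""")


def profile_name(instance):
    """Return the attached instance profile name, or None if none is attached."""
    arn = instance.get("IamInstanceProfile", {}).get("Arn")
    # The name is the last path segment of the ARN; it may differ from the role name.
    return arn.rsplit("/", 1)[-1] if arn else None


def audit(describe_output):
    """List live instances with their public-IP and instance-profile status."""
    rows = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue  # nothing left to attach a profile to
            rows.append({
                "id": inst["InstanceId"],
                "public": "PublicIpAddress" in inst,  # assumption: public IP = internet-facing
                "profile": profile_name(inst),
            })
    return rows


def missing_on_public(rows):
    """Instance IDs that have a public IP but no instance profile."""
    return [r["id"] for r in rows if r["public"] and r["profile"] is None]


if __name__ == "__main__":
    for instance_id in missing_on_public(audit(SAMPLE)):
        print(f"{instance_id}: internet-facing, no instance profile attached")
```

Each ID it reports is a candidate for the associate-iam-instance-profile command shown above.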
Back out plan:
If you want to delete or detach the role from the instance, follow the step below