# EC2 IAM instance profile
<a name="defaults-instance-profile"></a>

An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

------
#### [ MALZ ]

There are two AMS default instance profiles, `customer-mc-ec2-instance-profile` and `customer-mc-ec2-instance-profile-s3`. These instance profiles provide the permissions described in the following table.


**Policy descriptions**  
<a name="default-iam-profile-malz-table"></a>[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/managedservices/latest/userguide/defaults-instance-profile.html)

------
#### [ SALZ ]

There is one AMS default instance profile, `customer-mc-ec2-instance-profile`, that grants permissions from the IAM instance policy `customer_ec2_instance_profile_policy`. This instance profile provides the permissions described in the following table. The profile grants permissions to the applications running on the instance, not to users logging into the instance.

Policies often include multiple statements, where each statement grants permissions to a different set of resources or grants permissions under a specific condition.

CW = CloudWatch. ARN = Amazon Resource Name. \$1 = wildcard (any).


**EC2 default IAM instance profile permissions**  
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/managedservices/latest/userguide/defaults-instance-profile.html)

------

If you're unfamiliar with Amazon IAM policies, see [Overview of IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) for important information.

**Note**  
Policies often include multiple statements, where each statement grants permissions to a different set of resources or grants permissions under a specific condition.