- Running EC2 instance without any IAM roles (so you if you connect the instance and try to run AWS commands, it fails)
- IAM role with "IAMReadOnlyAccess" policy
- Attach a role (and if such role doesn't exists, create it) with "IAMReadOnlyAccess" policy to the EC2 instance
- Verify you can run AWS commands in the instance