Friday, January 31, 2014

Using AWS Role Credentials, Part III

The last remaining step in using AWS role credentials was to launch an EC2 instance using the role created in step 2 and deploy the test application built in step 1. Launching the instance via the console is done in the usual manner, with one very important addition: on step 3, be sure to apply the IAM role to your instance.


After the instance was launched, the test application was zipped and deployed to EC2 via:

 psftp ec2-user@ec2-w-y-x-z.compute-1.amazonaws.com -i mykeys.ppk  

Before running the application, the instance metadata was queried on the EC2 instance to validate that the role was applied and that temporary credentials were being generated:

 curl -L 169.254.169.254/latest/meta-data/iam/security-credentials/EC2-READ-S3  

which resulted in (partial snapshot):




Finally, the test application was unzipped and run successfully.



As time allows, I need to research the mechanism which generates the temporary credentials, and see how that affects code where objects are cached for an extended period of time (will the client always refresh the credentials before expiration via the SDK, or must additional steps be taken to periodically refresh the credentials manually?).
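The metadata query above returns a JSON credential document for the role, including an `Expiration` timestamp. The following is an added example, not code from the original post or its test application: it parses such a document, reports how long the temporary credentials remain valid, and redacts the secret fields so the result is safe to log or screenshot. The sample document is constructed with placeholder values, and the 15-minute refresh margin and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a role credential document; every value is a placeholder.
SAMPLE_DOC = """{
  "Code": "Success",
  "LastUpdated": "2014-01-31T18:00:00Z",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "EXAMPLE-SECRET-NOT-A-REAL-KEY",
  "Token": "EXAMPLE-SESSION-TOKEN",
  "Expiration": "2014-01-31T23:59:59Z"
}"""

REQUIRED = ("Code", "AccessKeyId", "SecretAccessKey", "Token", "Expiration")
SECRET_FIELDS = ("SecretAccessKey", "Token")


def parse_time(value):
    """Parse the UTC timestamp format used in the document."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_credentials(raw, now, refresh_margin=timedelta(minutes=15)):
    """Return (status, remaining, redacted_doc); status is invalid/expired/refresh/ok."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return "invalid", None, {}
    if not isinstance(doc, dict) or any(k not in doc for k in REQUIRED):
        return "invalid", None, {}
    # Never log the secret parts; the access key id alone identifies the credential.
    redacted = {k: ("<redacted>" if k in SECRET_FIELDS else v) for k, v in doc.items()}
    if doc["Code"] != "Success":
        return "invalid", None, redacted
    try:
        remaining = parse_time(doc["Expiration"]) - now
    except (TypeError, ValueError):
        return "invalid", None, redacted
    if remaining <= timedelta(0):
        return "expired", remaining, redacted
    if remaining <= refresh_margin:  # assumed margin: fetch a fresh document soon
        return "refresh", remaining, redacted
    return "ok", remaining, redacted


if __name__ == "__main__":
    now = datetime(2014, 1, 31, 18, 5, 0, tzinfo=timezone.utc)  # constructed clock
    print(check_credentials(SAMPLE_DOC, now))
```

On an instance, the `raw` argument would be the body returned by the `curl` command shown earlier, and `now` would be `datetime.now(timezone.utc)`.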
