- Roles are the preferred option for assigning permissions
- Policies control a role's permissions
- Policies attached to a role can be updated. Updates take immediate effect
- Roles can be attached/detached from running EC2 instances without having to stop the EC2 instance