> You can assign multiple IAM roles to an instance profile, which is what is associated with an instance.
Perhaps there is some contradiction in the IAM docs, but I couldn't find that reference. This seems to indicate that only one role can be assigned to an instance profile:
"Note that only one role can be assigned to an Amazon EC2 at a time, and all applications on the instance share the same role and permissions." (first paragraph, last sentence)
You can assign multiple IAM roles to an instance profile, which is what is associated with an instance.
See e.g. [0]; you can add IAM roles to instance profiles without destroying the instance.
[0] https://docs.aws.amazon.com/cli/latest/reference/iam/add-rol...