To connect my EC2 instance to S3 or RDS, I usually need to give the EC2 instance a role with appropriate permissions, correct?
If I have my EC2 instance in one security group and S3/RDS in another security group, won't just giving an S3/RDS role and permission to EC2 suffice?
Trying to understand when I should use roles vs. security groups to allow various AWS resources to talk to each other.