Let’s say you create a new EC2 instance and you want to be able to read users in IAM from there with
aws iam list-users
However this command will fair as the instance does not have the permission. All you need to do is create a role in IAM, assign the appropriate permission, in this case IAM Read Only and then attach the role to the instance. Just be sure to follow the principle of least privilege.