You need to assume a role. The AWS PowerShell tools have the ability to create a credential profile that assumes a role. It will even take care of renewing the temporary credentials when necessary. Great!
What’s potentially not as great is the fact that “assume role” type credential profiles require you to designate a source profile. In many cases that’s not an issue. But, if you are relying on an EC2 instance profile to authenticate your PowerShell commands, you may not have a profile.
That’s the exact scenario I came across.