https://www.youtube.com/watch?v=ZI5VTUXU4LQ

To assign a role to an EC2 instance, you need iam:PassRole permission on that particular role.

Is it possible to pass a role with more permissions than my own?

  • Yes, it is possible — if you have iam:PassRole on a high-privilege role, you can pass a role with permissions greater than yours, even if you can’t use those permissions directly yourself.
  • But it’s better to restrict iam:PassRole to a limited number of roles.
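
One way to audit for the restriction described above, as an added example that is not from the original notes: a Python check that flags Allow statements granting iam:PassRole on wildcard resources. The two policies, the account ID 111122223333 and the role name app-ec2-role are constructed for illustration.

```python
import fnmatch

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def broad_passrole_statements(policy):
    """Return one finding per Allow statement that grants iam:PassRole on a wildcard resource."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        # NotAction / NotResource statements are out of scope for this simple check.
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # Action names are case-insensitive and may be wildcards (iam:*, iam:Pass*, *).
        grants = any(fnmatch.fnmatchcase("iam:passrole", a.lower())
                     for a in _as_list(stmt["Action"]))
        wild = [r for r in _as_list(stmt.get("Resource", [])) if "*" in r or "?" in r]
        if not grants or not wild:
            continue
        # iam:PassedToService limits which AWS service the role can be handed to.
        scoped = any("iam:passedtoservice" in (k.lower() for k in block)
                     for block in stmt.get("Condition", {}).values())
        findings.append({"statement": index, "resources": wild, "service_scoped": scoped})
    return findings

# Constructed sample: PassRole on every role in the account (the weak setting).
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ec2:RunInstances", "iam:PassRole"],
                   "Resource": "*"}],
}

# Constructed sample: PassRole limited to one role, and only to EC2.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": "iam:PassRole",
                   "Resource": "arn:aws:iam::111122223333:role/app-ec2-role",
                   "Condition": {"StringEquals":
                                 {"iam:PassedToService": "ec2.amazonaws.com"}}}],
}

if __name__ == "__main__":
    print("weak:  ", broad_passrole_statements(WEAK_POLICY))
    print("scoped:", broad_passrole_statements(SCOPED_POLICY))
```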