A company is building software on AWS that requires access to various AWS services. Which
configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret
Access Key combination) are not compromised?
A. Enable Multi-Factor Authentication for your AWS root account.
B. Assign an IAM role to the Amazon EC2 instance.
C. Store the AWS Access Key ID/Secret Access Key combination in software comments.
D. Assign an IAM user to the Amazon EC2 instance.
Explanation:
Use roles for applications that run on Amazon EC2 instances
Applications that run on an Amazon EC2 instance need credentials in order to access other
AWS services. To provide credentials to the application in a secure way, use IAM roles. A role
is an entity that has its own set of permissions, but that isn’t a user or group. Roles also don’t
have their own permanent set of credentials the way IAM users do. In the case of Amazon
EC2, IAM dynamically provides temporary credentials to the EC2 instance, and these
credentials are automatically rotated for you.
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-roles-with-ec2