A company is building software on AWS that requires access to various AWS services. Which configuration
should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not
compromised?
A. Enable Multi-Factor Authentication for your AWS root account.
B. Assign an IAM role to the Amazon EC2 instance.
C. Store the AWS Access Key ID/Secret Access Key combination in software comments.
D. Assign an IAM user to the Amazon EC2 instance.
Explanation:
Use roles for applications that run on Amazon EC2 instances.
Applications that run on an Amazon EC2 instance need credentials in order to access other AWS services. To
provide credentials to the application in a secure way, use IAM roles. A role is an entity that has its own set of
permissions, but that isn’t a user or group. Roles also don’t have their own permanent set of credentials the way
IAM users do. In the case of Amazon EC2, IAM dynamically provides temporary credentials to the EC2
instance, and these credentials are automatically rotated for you.
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-roles-with-ec2