Exam DVA-C02
Question 386

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.

Which solution meets these requirements?

    Correct Answer: A

    The best practice for granting an Amazon EC2 instance permissions to access other AWS services like Amazon S3 is to attach an IAM role to the EC2 instance profile. This allows the instance to assume the role and inherit the permissions defined in the attached IAM policy. This method ensures that you do not need to embed credentials within the application code and you can manage permissions centrally. Therefore, adding the permissions to an IAM policy, attaching the policy to a role, and attaching the role to the EC2 instance profile is the correct solution.
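
The two policy documents behind the setup described above, plus a check that the permissions policy really is read-only, as an added example that is not part of the original page. The bucket name is a constructed placeholder, and treating `s3:GetObject` and `s3:ListBucket` as the full set of "read" actions is an assumption of this sketch.

```python
import json

BUCKET = "example-batch-input"  # constructed placeholder, not from the page
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}  # assumed definition of "read access"

def trust_policy():
    """Trust policy on the role: only the EC2 service may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }]}

def s3_read_policy(bucket):
    """Permissions policy attached to the role: read-only, one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{arn}/*"},
    ]}

def _as_list(value):
    # IAM allows a single string or object where a list is also accepted.
    return value if isinstance(value, list) else [value]

def audit(policy, bucket):
    """Return findings for Allow statements that exceed read access to `bucket`."""
    arn = f"arn:aws:s3:::{bucket}"
    allowed = {arn, f"{arn}/*"}
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ACTIONS:  # strict allowlist: wildcards are flagged too
                findings.append(f"statement {i}: action {action} is not read-only")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append(f"statement {i}: resource {res} is outside the bucket")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(s3_read_policy(BUCKET), indent=2))
    print(audit(s3_read_policy(BUCKET), BUCKET))
```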

Discussion
rdiaz Option: A

Using an IAM role attached to an EC2 instance profile with the appropriate IAM policy for S3 read access is the best practice. This approach ensures that the EC2 instance has the necessary permissions without embedding credentials or using less appropriate methods.