A developer is configuring a Lambda function to access resources in a separate AWS account. To follow best security practices, the developer needs to grant the Lambda function the necessary permissions. What should the developer use to accomplish this?
Create an IAM role in the target account that the Lambda function can assume, with the necessary permissions attached.
Attach an inline policy to the Lambda function's execution role granting access to the target account resources.
Use the Lambda function's own execution role directly to access resources in the target account without assuming any roles.
Store the target account user's credentials in Lambda environment variables and use them to access resources.