AWS Certified Developer Associate DVA-C02 Practice Question
A developer needs to enable an application hosted on Elastic Compute Cloud (EC2) instances to retrieve objects from a storage service that is managed under a separate organizational unit. What measure should be implemented to securely grant the necessary access without storing long-term credentials within the application’s codebase?
Embed a generated access and secret key of an IAM user with the necessary permissions into the application's environment variables for resource interaction.
Modify the access control configuration on the storage buckets to include the application host instances as explicit grantees for object retrieval.
Establish a cross-account IAM role with the required permissions to interact with the storage service and configure the EC2 instances to assume this role when accessing the resources.
Assign an inline policy directly to the storage bucket that permits access to the EC2 instances based on their security group IDs.