AWS Certified Developer Associate DVA-C02 Practice Question
Your application, hosted on multiple Amazon EC2 instances, needs to perform periodic data processing tasks on an Amazon S3 bucket. The tasks require the application to have read, write, and list permissions on the bucket. To align with security best practices, which action should you take to grant these S3 permissions to the application?
Create an IAM user for each EC2 instance with permissions to access the S3 bucket and store the credentials in a configuration file on each instance.
Create an IAM role with the specified S3 permissions and attach it to the EC2 instances using an instance profile.
Configure a resource-based policy on the S3 bucket to grant the EC2 instances the required permissions.
Attach an IAM managed policy with the required S3 permissions directly to the EC2 instances.