Using IAM roles for EC2 instances is the recommended best practice for providing AWS service access from applications running on EC2, as IAM roles provide temporary security credentials that are automatically rotated and do not require manual management. Storing static IAM user credentials on the instance is less secure because it risks exposing long-term credentials if the instance is compromised.