Applications are installed on Amazon EC2 instances in which an IAM role is configured. Which of the following services provides temporary security credentials for the applications to access to other AWS resources?

Answer options:

A.AWS IAM user
B.Amazon Cognito
C.AWS IAM groups
D.AWS STS

Correct Answer : D
Applications deployed on Amazon EC2 instance can be provided security credentials using AWS STS, allowing short-term limited period credentials. With this, there is no need to save credentials in the Amazon EC2 instance.
Options A & C are incorrect as the IAM users & IAM group can create authentication & manage access for users accessing AWS services. Saving these credentials on EC2 for applications while accessing other AWS resources is against security guidelines.
Option B is incorrect as Amazon Cognito helps to provide user access control for mobile & web apps.
For more information on use cases for AWS STS, refer to the following URL:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html