A developer has created a script that accesses an S3 bucket. The script will run on an EC2 Instance at regular intervals. What is the authentication mechanism that should be employed to ensure that the script works as desired?

Answer options:

A.Create an IAM user. Ensure the IAM user has access to the S3 bucket via IAM policies. Embed the user name and password in the script.
B.Create an IAM Role. Ensure the IAM Role has access to the S3 bucket via IAM policies. Attach the role to the instance.
C.Create an IAM user. Ensure the IAM user has access to the S3 bucket via IAM policies. Embed the Access keys to the program.
D.Create an IAM user. Ensure the IAM user has access to the S3 bucket via IAM policies. Embed the Access keys as environment variables for the Instance.

Answer - B
The AWS Documentation mentions the following.
You have an application or AWS CLI scripts running on an Amazon EC2 instance. Do not pass an access key to the application, embed it in the application, or have the application read a key from a source such as an Amazon S3 bucket (even if the bucket is encrypted). Instead, define an IAM role with appropriate permissions for your application and launch the Amazon EC2 instance with roles for EC2. This associates an IAM role with the Amazon EC2 instance and lets the application get temporary security credentials that it can, in turn, use to make AWS calls. The AWS SDKs and the AWS CLI can get temporary credentials from the role automatically.
All other options are incorrect since the most secure way is to create and use IAM Roles.
For more information on best practices for Access Keys, please refer to the below URL-
https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html