Your team is developing an application that makes use of Docker containers. These containers will be deployed to the Elastic Container Service. The applications on these containers need to interact with DynamoDB tables. Which of the following is the most secure way to ensure the containers can interact with DynamoDB?

Answer options:

A.Create an IAM Role for the ECS Tasks.
B.Embed the Access Keys in the containers.
C.Embed the Access Keys in the cluster.
D.Use an IAM user’s credentials to spin up the cluster.

Answer - A
The AWS Documentation mentions the following.
With IAM roles for Amazon ECS tasks, you can specify an IAM role that the containers in a task can use. Applications must sign their AWS API requests with AWS credentials. This feature provides a strategy for managing credentials for your applications to use, similar to how Amazon EC2 instance profiles provide credentials to EC2 instances. Instead of creating and distributing your AWS credentials to the containers or using the EC2 instance’s role, you can associate an IAM role with an ECS task definition or RunTask API operation. The applications in the task’s containers can then use the AWS SDK or CLI to make API requests to authorized AWS services.
All other options are invalid since the most secure way is to use IAM Roles for accessing AWS services.
For more information on IAM Roles for tasks, please refer to the below URL-
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html