Your company has a set of EC2 Instances that access data objects stored in an S3 bucket. Your IT Security department is concerned about this architecture`s security and wants you to implement the following.
1) Ensure that the EC2 Instance securely accesses the data objects stored in the S3 bucket.
2) Prevent accidental deletion of objects.
What would be helpful to fulfill the requirements of the IT Security department? (SELECT TWO)

Answer options:

A.Create an IAM user and ensure the EC2 Instances use the IAM user credentials to access the bucket data.
B.Create an IAM Role and ensure the EC2 Instances use the IAM Role to access the bucket data.
C.Use S3 Cross-Region Replication to replicate the objects so that the integrity of data is maintained.
D.Use an S3 bucket policy that ensures that MFA Delete is set on the objects in the bucket.

Correct Answers - B and D
AWS Documentation mentions the following.
IAM roles are designed to securely make API requests from your instances without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles.
For more information on IAM Roles, please refer to the link below.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
MFA Delete can be used to add another layer of security to S3 Objects to prevent accidental deletion of objects.
For more information on MFA Delete, please refer to the link below.
https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/