Your application consists of a set of EC2 Instances spun up as part of an Auto Scaling group. These Instances need to access objects in an S3 bucket. Which of the following is the ideal approach to ensure this access is set in place?

Answer options:

A.Ensure that the Access Keys are picked up from another S3 bucket. Access Keys can be embedded in the User data during Instance Launch.
B.Ensure that the launch configurations in Auto scaling group have an instance profile associated with the IAM role to access S3 Objects.
C.Ensure that an IAM policy is attached to the S3 bucket which allows access to the S3 buckets.
D.Ensure that the launch configurations in Auto scaling group have an IAM user to access S3 Objects.

Answer – B
Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests while protecting your credentials from other users. However, it`s challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalfs, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.
We designed IAM roles so that your applications can securely make API requests from your instances without requiring you to manage the security credentials that the applications use.
For details about launch configurations, please refer to the below URL-
https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-config.html
Option A is incorrect since using Access keys is the least secure option.
Option C is incorrect since the IAM policy is not the right option. You have to use IAM Roles instead. Also, attaching the IAM role should be a part of Launch Configurations.
Option D is incorrect since you need to use IAM Roles and not IAM Users.
To understand the basic difference between IAM Roles and Users:
IAM controls: Who can do What in your AWS account. Who (Authentication) in IAM is defined using users/groups and roles means what (Authorization) is defined by policies.
User - End-user think about people
Groups- a set of users under one set of permission(policies)
Roles - are used for granting specific permission to specific users for a specific time.
For more information on IAM Roles for EC2, please refer to the below URL-
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
https://docs.aws.amazon.com/cli/latest/reference/autoscaling/create-launch-configuration.html