You work in the media industry and have deployed a web application on a large EC2 instance where users can upload photos to your website. This web application must be able to call the S3 API to function properly. Where would you store your API credentials while maintaining the maximum level of security?

Answer options:

A.Save the API credentials to your PHP files.
B.Don’t save your API credentials. Instead, create an IAM role and assign that role to an EC2 instance.
C.Save your API credentials in a public Github repository.
D.Pass API credentials to the instance using instance user data.

Correct Answer – B
We designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:
Create an IAM role.
Define which accounts or AWS services can assume the role.
Define which API actions and resources the application can use after assuming the role.
Specify the role when you launch your instance or attach the role to an existing instance.
Have the application retrieve a set of temporary credentials and use them.
For more information on IAM Roles, please visit the below URL-
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html