An application running on Amazon EC2 instances must read objects from a specific Amazon S3 bucket. The current code uses long-lived IAM user access keys stored in a configuration file on each instance. The operations team wants to remove the static keys and grant the access in the most secure, least-privilege way. Which change meets this requirement?
- A. Generate a new IAM user with an S3 read-only managed policy and distribute its access keys to every instance through a shared encrypted configuration file.
- B. Create an IAM role with a policy scoped to that bucket and attach it to the instances through an instance profile so they receive temporary credentials automatically. (Correct)
- C. Embed the IAM user access keys in the application source code so they are version controlled and can be rotated whenever the build pipeline runs a new deployment.
- D. Attach the AdministratorAccess managed policy to the existing IAM user so the instances can reach the bucket without any further policy changes being required.
Why A is wrong: This keeps long-lived static keys on the hosts, which is the very risk the team wants to remove, and a broad read-only policy on all buckets is wider than the single bucket needs.
Why B is correct: An IAM role delivered through an instance profile supplies automatically rotated temporary credentials and the scoped policy grants only the one bucket, removing static keys and meeting least privilege.
Why C is wrong: Hardcoding access keys in source code exposes them in the repository and build artifacts and still relies on the long-lived keys the team is trying to eliminate.
Why D is wrong: Administrator access grants far more than reading one bucket, violating least privilege, and it still depends on the static IAM user keys the team wants to remove.
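The following is an added worked example, not part of the original question or an AWS-provided script, showing what option B looks like in practice: the bucket-scoped permissions policy, the EC2 trust policy, the role and instance profile being created and associated with an instance via boto3, and a small review check that rejects the wider policies from options A and D. The bucket name, role name and instance ID are placeholder assumptions; the policy helpers and the check run offline, while `attach_role_to_instance` needs real AWS credentials with IAM and EC2 permissions.

```python
"""Least-privilege S3 read access for EC2 via an IAM role and instance profile.

Added example, not code from the original page. BUCKET, ROLE_NAME and
INSTANCE_ID are placeholder assumptions for illustration.
"""
import json

BUCKET = "example-app-config-bucket"      # assumed bucket name
ROLE_NAME = "AppS3ReadRole"               # assumed role / instance profile name
INSTANCE_ID = "i-0123456789abcdef0"       # assumed instance id

# The only actions the application needs: list the bucket and read its objects.
READ_ACTIONS = {"s3:ListBucket", "s3:GetObject"}


def bucket_read_policy(bucket: str) -> dict:
    """Permissions policy scoped to a single bucket.

    s3:ListBucket is evaluated against the bucket ARN, s3:GetObject against
    the object ARNs (bucket/*), so they need separate statements.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListThisBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "ReadObjectsInThisBucket",
                "Effect": "Allow",
                "Action": ["s3:GetObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def ec2_trust_policy() -> dict:
    """Trust policy: only the EC2 service may assume the role (through the instance profile)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def is_scoped_read_only(policy: dict, bucket: str) -> bool:
    """Review check: every Allow statement grants only READ_ACTIONS on this bucket.

    Strict allowlist (no wildcard expansion), so "*", "s3:Get*" or an
    account-wide "arn:aws:s3:::*" resource all fail, as options A and D would.
    """
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access, never widen it
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if not set(actions) <= READ_ACTIONS:
            return False
        if not set(resources) <= allowed_resources:
            return False
    return True


def attach_role_to_instance(iam, ec2, role_name: str, bucket: str, instance_id: str) -> str:
    """Create the role, inline policy and instance profile, then attach it to the instance.

    `iam` and `ec2` are boto3 clients. Afterwards the application needs no
    access keys: the SDK default credential chain fetches the role's temporary
    credentials from the instance metadata service and refreshes them itself.
    """
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(ec2_trust_policy()))
    iam.put_role_policy(RoleName=role_name, PolicyName=f"read-{bucket}",
                        PolicyDocument=json.dumps(bucket_read_policy(bucket)))
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    # Instance profiles are eventually consistent; wait before referencing the name.
    iam.get_waiter("instance_profile_exists").wait(InstanceProfileName=role_name)
    resp = ec2.associate_iam_instance_profile(
        IamInstanceProfile={"Name": role_name}, InstanceId=instance_id)
    return resp["IamInstanceProfileAssociation"]["AssociationId"]


if __name__ == "__main__":
    import boto3  # imported here so the policy helpers work without boto3 installed

    policy = bucket_read_policy(BUCKET)
    if not is_scoped_read_only(policy, BUCKET):
        raise SystemExit("policy is wider than one bucket; refusing to deploy")
    print(json.dumps(policy, indent=2))
    session = boto3.Session()
    print("associated:", attach_role_to_instance(
        session.client("iam"), session.client("ec2"), ROLE_NAME, BUCKET, INSTANCE_ID))
```

Once the profile is attached, delete the old IAM user's access keys and the configuration file that held them; the application code itself needs no change beyond removing any explicit key loading, because the SDK credential chain picks up the role automatically. As a further hardening step, require IMDSv2 on the instances (`aws ec2 modify-instance-metadata-options --http-tokens required`) so that the role credentials cannot be fetched through a simple SSRF against the metadata endpoint.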