To securely make API requests to an Amazon S3 bucket from an Amazon EC2 instance, you should use IAM roles rather than IAM users to avoid the need to store and manage credentials manually. Option B, creating an IAM role with permissions to the S3 bucket, is correct because roles are designed for this purpose. Option C, attaching an instance profile with the IAM role to the EC2 instance, is also correct because it ensures the EC2 instance can assume the role and obtain the necessary permissions to access the S3 bucket securely.