
Answer-first summary for fast verification
Answer: Have the EC2 instance assume a role to obtain the privileges to upload the file.
## Explanation

Using IAM roles for EC2 instances is the AWS security best practice for granting access to AWS services like S3. Here's why:

### ✅ **Correct Answer: Have the EC2 instance assume a role**

- **IAM Roles for EC2**: Allow EC2 instances to obtain temporary security credentials automatically
- **No Hard-coded Credentials**: Eliminates the security risk of storing access keys in code or configuration files
- **Automatic Rotation**: Temporary credentials are rotated automatically
- **Least Privilege**: You can assign only the permissions needed for the specific task
- **No Manual Management**: No need to manage or rotate access keys manually

### ❌ **Why the Other Options Are Incorrect**

- **Hard-coding credentials**: Creates security vulnerabilities, since credentials can be exposed in code repositories or application logs
- **Storing credentials in a text file**: Still exposes credentials on the instance and requires manual rotation
- **Modifying the S3 bucket policy for any service**: Violates the principle of least privilege and creates security risks

### **Best Practice Implementation**

1. Create an IAM role with the appropriate S3 permissions
2. Attach the role to the EC2 instance
3. The instance automatically receives temporary credentials
4. AWS SDKs automatically use these credentials for S3 operations

This approach follows AWS security best practices and eliminates credential management overhead.
Author: Ritesh Yadav
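As an added illustration of steps 1 and 2 above (example code, not part of the original explanation), the two policy documents a role for this scenario needs, a trust policy that lets only the EC2 service assume the role and a least-privilege permissions policy scoped to one prefix of one bucket, plus a small checker that flags the wildcard grants option D relies on. The bucket name and prefix are constructed placeholders.

```python
# Constructed placeholder values, not from the original page.
BUCKET = "example-upload-bucket"
UPLOAD_PREFIX = "uploads/"

def ec2_trust_policy():
    """Trust policy for the role: only the EC2 service may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def upload_only_policy(bucket, prefix):
    """Least-privilege permissions policy: PutObject into one prefix of one bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}]}

# Option D from the question written out as a bucket policy: any principal may upload.
ANY_PRINCIPAL_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def policy_findings(policy):
    """Flag Allow statements whose principal, action or resource is a wildcard."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {i}: any principal may use this permission")
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action"))):
            findings.append(f"statement {i}: wildcard action")
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"statement {i}: wildcard resource")
    return findings

if __name__ == "__main__":
    # The role's identity policy has no Principal and is scoped; option D's bucket policy is not.
    print(policy_findings(upload_only_policy(BUCKET, UPLOAD_PREFIX)))  # []
    print(policy_findings(ANY_PRINCIPAL_BUCKET_POLICY))
```

On an instance with the role attached (steps 3 and 4), the SDK's default credential chain picks up the temporary credentials from the instance metadata service, so the upload code itself never references a key.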
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
A
Hard code an IAM user's secret key and access key directly in the application, and upload the file.
B
Store the IAM user's secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
C
Have the EC2 instance assume a role to obtain the privileges to upload the file.
D
Modify the S3 bucket policy so that any service can upload to it at any time.