IAM Roles are the secure way to use the AWS API from EC2 instances because:
- IAM Roles provide temporary security credentials that are automatically rotated
- They don't require storing long-term credentials (access keys/passwords) on the EC2 instance
- Roles are assumed by the EC2 service on the instance's behalf, eliminating the need to manage credentials
- Temporary credentials reduce the risk of credential exposure
- AWS automatically manages the credential lifecycle

Why other options are less secure:
- IAM Users: Require long-term access keys that must be stored on the instance
- IAM Groups: Are containers for users, not credentials themselves
- IAM Policies: Define permissions but don't provide credentials

The AWS documentation confirms that IAM roles are intended to be assumable by anyone who needs them and that they provide temporary security credentials dynamically.
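
To make the long-term versus temporary distinction checkable on an instance, here is an added example (not from the original page or from AWS) that flags stored long-term keys in a shared credentials file and reads the expiry of role-provided credentials. The function names and all sample data are constructed for illustration; it relies on the AWS convention that long-term access key IDs begin with `AKIA` and temporary ones with `ASIA`.

```python
import configparser
import json
from datetime import datetime, timezone

# Constructed sample of a shared credentials file found on an instance (no real keys).
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret

[session]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
aws_session_token = constructed-not-a-real-token
"""

# Constructed sample shaped like the credential document an instance with an
# attached role receives from the instance metadata service.
SAMPLE_ROLE_DOCUMENT = json.dumps({
    "Code": "Success",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-not-a-real-secret",
    "Token": "constructed-not-a-real-token",
    "Expiration": "2024-01-01T18:00:00Z",
})


def find_long_term_keys(credentials_text):
    """Return the profiles that hold long-term keys (AKIA prefix or no session token)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    flagged = []
    for profile in parser.sections():
        key_id = parser[profile].get("aws_access_key_id", "")
        has_token = bool(parser[profile].get("aws_session_token", ""))
        if key_id and (key_id.startswith("AKIA") or not has_token):
            flagged.append(profile)
    return flagged


def role_credentials_status(document_json, now):
    """Report whether role credentials are temporary and how long until they expire."""
    doc = json.loads(document_json)
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return {
        "temporary": doc["AccessKeyId"].startswith("ASIA") and bool(doc.get("Token")),
        "seconds_left": int((expires - now).total_seconds()),
    }
```

A profile flagged by `find_long_term_keys` is a candidate for replacement with an instance role, after which the key can be deactivated and deleted.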