
Answer-first summary for fast verification
Answer: Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
## Explanation

The correct answer is **A** because:

1. **IAM Roles for EC2 Instances**: IAM roles are specifically designed to grant AWS service permissions to EC2 instances. When you attach an IAM role to an EC2 instance, the instance automatically receives temporary security credentials that allow it to access AWS resources like S3 buckets.
2. **Why other options are incorrect**:
   - **Option B**: IAM policies cannot be directly attached to EC2 instances. Policies must be attached to IAM users, groups, or roles.
   - **Option C**: IAM groups are collections of IAM users and cannot be attached to EC2 instances.
   - **Option D**: IAM users are for human users or applications that need long-term credentials, not for EC2 instances. Storing user credentials on EC2 instances is a security risk.
3. **Best Practice**: Using IAM roles with EC2 instances follows the principle of least privilege and eliminates the need to manage credentials on the instances. The role provides temporary credentials that are automatically rotated.
4. **Implementation**: The solutions architect should:
   - Create an IAM role with a policy that grants the necessary S3 permissions
   - Attach the role to the EC2 instances (either during instance launch or afterwards)
   - The application running on the EC2 instances can then use the AWS SDK to access the S3 bucket without needing to store credentials
Author: LeetQuiz Editorial Team
A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.
What should the solutions architect do to meet this requirement?
- **A.** Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
- **B.** Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.
- **C.** Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.
- **D.** Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.