What is the MOST operationally efficient solution to delegate permissions?
Create an IAM role with the required permissions. Attach the role to the EC2 instance.
Create an IAM user and use its access key and secret access key in the application.
Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
Create an IAM role with the required permissions. Attach the role to the administrative IAM user.
Explanations:
Creating an IAM role with the required permissions and attaching it to the EC2 instance allows for temporary security credentials that automatically rotate, ensuring better security and operational efficiency.
Using an IAM user with access keys for the EC2 instance is less secure and requires manual management of keys, which can lead to potential exposure.
Similar to option B, using an IAM user’s access keys in a CLI profile requires manual management and is less secure than using an IAM role.
Attaching an IAM role to an administrative IAM user does not benefit the EC2 instance directly, and it is not an efficient way to delegate permissions for resource access.