AWS Certified Developer Associate Practice Test 2

Correct answer - "Use an IAM Instance Role" : An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

"Use environment variables" - This is another option if you configure AWS CLI on the EC2 instance. When configuring the AWS CLI you will set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. This practice may not be bad for one instance but once you start running more EC2 instances this is not a good practice because you may have to change credentials on each instance whereas an IAM Role gets temporary permissions

"Hardcode the credentials in the application code" - It will work no doubt, not a good practice for a professional

"Use the SSM parameter store" - With parameter store you can store data such as passwords. The problem is that you need the SDK to access parameter store and without credentials you cannot use the SDK. Use parameter store for other uses such as database connectionstrings or other secret codes when you have already authenticated to AWS

For more information visit