A developer needs to allow an application running on an EC2 instance to connect to an Amazon RDS for MySQL DB instance securely. Which combination of steps should the developer take?
This avoids storing credentials and uses temporary tokens.
Why this answer
Option B is correct because using IAM roles for EC2 and IAM database authentication for RDS is the most secure approach. Option A is wrong because hardcoding credentials in the application is insecure. Option C is wrong because opening the database to the world is insecure.
Option D is wrong because storing credentials in S3 without encryption is insecure.