AWS Certified Cloud Practitioner — Question 960

A company's web application requires AWS credentials and authorizations to use an AWS service.
Which IAM entity should the company use as best practice?

Answer options

• A. IAM role
• B. IAM user
• C. IAM group
• D. IAM multi-factor authentication (MFA)

Correct answer: A

Explanation

Using an IAM role is the AWS best practice for granting applications permissions because it provides temporary, automatically rotated credentials instead of long-term credentials. IAM users and groups are designed for human access and user management, making them less secure for application authentication. IAM MFA is an authentication security feature, not an identity entity.