We have already discussed EC2 instance roles as a much better way of providing credentials to your application.

A good practice is to always create and assign an IAM role to your instances, even if it is not needed at the time and holds no permissions.

This is because IAM roles can only be assigned when an EC2 instance is being launched.