you have a web application hosted on ec2 that makes get and put requests for objects stored in amazon simple storage service (s3) using the sdk for php. as the security team completed the final review of your application for vulnerabilities, they noticed that your application uses hardcoded iam access key and secret access key to gain access to aws services. they recommend you leverage a more secure setup, which should use temporary credentials if possible.