Assign permissions to users through IAM groups and Create a separate IAM user for each individual are correct because they enable scalable permission administration and clear accountability for actions by named individuals.

Assign permissions to users through IAM groups simplifies management by letting you grant, update, and audit permissions at the group level rather than per user. This approach supports the principle of least privilege and makes it easier to apply managed policies consistently across similar roles.

Create a separate IAM user for each individual gives each engineer a unique identity for authentication and auditing. Individual users let you require multi factor authentication and revoke or adjust access for a single person without impacting others.

Store static access keys inside application code is insecure because embedded keys can be leaked from source control or logs and they are hard to rotate. The recommended approach is to use temporary credentials from roles instead of hard coding secrets.

Use AWS Secrets Manager to keep long-lived access keys for EC2 applications instead of IAM roles is not recommended because storing long lived keys still creates exposure and rotation burden. EC2 instances should use IAM roles with instance profiles to obtain short lived credentials automatically.

Prefer inline policies rather than customer managed policies is discouraged because inline policies are attached to a single principal and they are harder to reuse and audit. Customer managed or AWS managed policies are easier to maintain and review.

Full AWS Practitioner Certification Question