Using EC2 Instance Metadata to Authenticate
If your cluster is running on EC2, the standard way to manage access is via Amazon Identity and Access Management (IAM), which allows you to create users, groups, and roles to control access to services such as Amazon S3 via attached policies.
A role does not have any credentials, such as a password or access keys, associated with it. Instead, if a user is assigned to a role, access keys are generated dynamically and provided to the user when needed. For more information, refer to IAM Roles for Amazon EC2 in the Amazon documentation.