Correct answer - "Create an IAM Role for ECS and assign it to the tasks" : You must also create a
role for your tasks to use before you can specify it in your task definitions. You can create
the role using the Amazon Elastic Container Service Task Role service role in the IAM console.
Then you can attach your specific IAM policy to the role that gives the containers in your task
the permissions you desire.
Incorrect:
"Assign an IAM role to the EC2 instance" - To limit permissions a container does not need access
to credentials that are intended for another container that belongs to another task
"Load the credentials within the docker container" - Instead of creating and distributing your
AWS credentials to the containers or using the EC2 instance's role, you can associate an IAM
role with an ECS task definition
"Use the parameter store to pass in AWS credentials" - A container can only retrieve credentials
for the IAM role that is defined in the task definition to which it belongs