A developer is deploying an application on Amazon EC2 instances that run in Account A. In certain cases, this application needs to read data from a private Amazon S3 bucket in Account B. The developer must provide the application access to the S3 bucket without exposing the S3 bucket to anyone else.
Which combination of actions should the developer take to meet these requirements? (Choose two.)
A. Create an IAM role with S3 read permissions in Account B.
B. Update the instance profile IAM role in Account A with S3 read permissions.
C. Make the S3 bucket public with limited access for Account A.
D. Configure the bucket policy in Account B to grant permissions to the instance profile role.
E. Add a trust policy that allows s3:Get* permissions to the IAM rote in Account B.
Which combination of actions should the developer take to meet these requirements? (Choose two.)
A. Create an IAM role with S3 read permissions in Account B.
B. Update the instance profile IAM role in Account A with S3 read permissions.
C. Make the S3 bucket public with limited access for Account A.
D. Configure the bucket policy in Account B to grant permissions to the instance profile role.
E. Add a trust policy that allows s3:Get* permissions to the IAM rote in Account B.