Hi everyone. I have a question with regard to passing credentials. My local prefect agent pulls deployment information from an s3 bucket and does so using its local AWS credentials (i.e.

~/.aws/credentials

). One of my jobs starts a docker container which in turn runs some EC2 infrastructure which also requires credentials obviously. I have a few options now: 1. Give the prefect user EC2 permissions and pass

~/.aws/credentials

keys as an environment variables to my container in the flow 2. Use a different set of credentials entirely (i.e. another user) stored in an AwsCredentials Block and pass that to my container. I'm leaning towards the latter to keep the scopes as separate as possible. Is this the recommended approach though?