A company uses AWS IAM Identity Center (AWS SSO) integrated with their on-premises Active Directory. Developers need CLI access to AWS accounts. The security policy mandates that long-term IAM access keys must not be used. How should developers authenticate to the AWS CLI?

Create IAM users for developers and use AWS STS to generate temporary tokens.

Use the AWS CLI v2 to run 'aws configure sso'. Developers authenticate via their web browser to receive short-term credentials.

Deploy an EC2 instance with an IAM role and require developers to SSH into it to run CLI commands.

Use AWS Cognito to issue JWT tokens for the AWS CLI.