Heroku: Using AWS S3 to Store Static Assets and File Uploads suggests using my AWS security credentials to enable my Heroku app to access my Amazon S3 bucket.
However, isn't it better practice (as explained in IAM Roles: Providing access to third parties) to use an IAM role to grant my Heroku app access to my Amazon S3 bucket?
If that's not possible, would the next best option be to create an IAM user (with credentials) just for use with my Heroku app?