Using temporary AWS credentials with lambda function code is always secure. This is where static analysis configuration plays an important role. It best to create an AWS service client within the function code through AWS SDK without providing any credentials. The SDK should automatically manage the retrieval and rotation of the credentials for the alloted role.