Easy · 1 mark · Multiple Choice
Tags: Domain 1.1: Secure Access · Domain 1 · Security · IAM · EC2

AWS SAA-C03 · Question 02 · Domain 1.1: Secure Access

A solutions architect is designing an application that will run on Amazon EC2 instances. The application needs to access an Amazon S3 bucket to read configuration files. What is the MOST secure way to grant the EC2 instances access to the S3 bucket?

Answer options:

A. Create an IAM user with S3 read access, generate access keys, and store them in the EC2 instance's environment variables.

B. Create an IAM role with read access to the S3 bucket and attach it to an EC2 instance profile.

C. Make the S3 bucket public and restrict access using a bucket policy that only allows the EC2 instance's public IP.

D. Store IAM user credentials in AWS Secrets Manager and configure the application to retrieve them at startup.

How to approach this question

Always use IAM roles for EC2 instances to access other AWS services. Never use long-term access keys.

Full Answer

B. Create an IAM role with read access to the S3 bucket and attach it to an EC2 instance profile. ✓ Correct

An IAM role is an IAM identity that you can create in your account with specific permissions. It is similar to an IAM user, but it is not associated with a specific person; instead, it can be assumed by any principal that needs it. EC2 uses an instance profile as the container that delivers the IAM role to the instance.

Common mistakes

Selecting options that involve long-term access keys (IAM users).
