ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 04 · Domain 1.1: Secure Access
An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different AWS account. What is the MOST secure way to grant this access?
An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different AWS account. What is the MOST secure way to grant this access?
Answer options:
A.
Create an IAM user in the target account and store the credentials on the EC2 instance.
B.
Create an IAM role in the target account. Allow the EC2 instance's role to assume it.
C.
Make the DynamoDB table public and use a VPC endpoint.
D.
Use AWS Resource Access Manager (RAM) to share the DynamoDB table.
How to approach this question
Look for cross-account role assumption.
Full Answer
B.Create an IAM role in the target account. Allow the EC2 instance's role to assume it.✓ Correct
Create an IAM role in the target account with DynamoDB access. Attach a policy to the EC2 instance's role allowing it to assume the target role.
Assuming an IAM role across accounts provides temporary, secure credentials without hardcoding access keys.
Common mistakes
Choosing IAM users/credentials instead of roles.
Practice the full AWS SAA-C03 Practice Exam 2
65 questions · hints · full answers · grading
More questions from this exam
Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...EasyQ02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...EasyQ03A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires tha...MediumQ05A company needs to store database credentials securely. The credentials must be automatically rot...MediumQ06A solutions architect needs to implement a threat detection service that continuously monitors fo...Easy