An application running on Amazon EC2 needs to access an Amazon DynamoDB table. What is the MOST secure way to grant the EC2 instance access to DynamoDB?

Answer options:

Store IAM access keys in the EC2 instance's environment variables.

Create an IAM role with DynamoDB permissions and attach it to the EC2 instance profile.

Create an IAM user for the application and store the credentials in an S3 bucket.

Configure a VPC endpoint for DynamoDB and allow all traffic.

How to approach this question

Always use IAM roles for AWS resources to avoid managing long-term credentials.

Full Answer

B.Create an IAM role with DynamoDB permissions and attach it to the EC2 instance profile.✓ Correct

Create an IAM role with DynamoDB permissions and attach it to the EC2 instance profile.

Attaching an IAM role to an EC2 instance profile allows applications running on the instance to securely access AWS services using temporary credentials managed by AWS.

Common mistakes

Selecting access keys, which violates the best practice of avoiding long-term credentials.

Question 05 All questions Question 07

Practice the full AWS SAA-C03 Practice Exam 3

65 questions · hints · full answers · grading

More questions from this exam

Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...Easy Q02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Medium Q03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...Easy Q04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...Medium Q05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium

View all 65 questions →