ExpertMinds LogoExpertMinds
Easy1 markMultiple Choice
Domain 1.1: Secure AccessSecurityIAMEC2DynamoDB

AWS SAA-C03 · Question 02 · Domain 1.1: Secure Access

An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both resources are in the same AWS account. <br/><br/>What is the MOST secure way to grant the EC2 instances access to the DynamoDB table?

Answer options:

A.

Create an IAM user with DynamoDB permissions. Store the access keys in a configuration file on the EC2 instances.

B.

Create an IAM role with permissions to access the DynamoDB table. Attach the role to an EC2 instance profile and assign it to the instances.

C.

Modify the DynamoDB resource-based policy to allow access from the EC2 instances' private IP addresses.

D.

Store IAM user credentials in AWS Secrets Manager and configure the application to retrieve them at runtime.

How to approach this question

Recall the AWS best practice for granting AWS service access to EC2 instances: always use IAM roles.

Full Answer

B.Create an IAM role with permissions to access the DynamoDB table. Attach the role to an EC2 instance profile and assign it to the instances.✓ Correct
Create an IAM role with permissions to access the DynamoDB table. Attach the role to an EC2 instance profile and assign it to the instances.
IAM roles for Amazon EC2 provide temporary credentials that are automatically rotated. This eliminates the need to manage long-term access keys.

Common mistakes

Choosing to store access keys in Secrets Manager instead of using native IAM roles.
01All questions03

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ03A company is designing a web application that will be hosted on AWS. The application will use an ...MediumQ04A company is building a mobile app that requires users to authenticate using their social media a...HardQ05A solutions architect is designing a VPC for a three-tier web application. The database tier must...MediumQ06A company requires that all data stored in Amazon S3 must be encrypted at rest using keys managed...Easy
View all 65 questions →