ExpertEasy1 markMultiple Choice
AWS SAA-C03 · Question 02 · Domain 1.1: Secure Access
An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the MOST secure way to grant the EC2 instances access to the S3 bucket?
An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the MOST secure way to grant the EC2 instances access to the S3 bucket?
Answer options:
A.
Store IAM user access keys in a configuration file on the EC2 instances.
B.
Create an IAM role with S3 access permissions and attach it to an EC2 instance profile.
C.
Make the S3 bucket public and restrict access using a bucket policy based on the EC2 instance IP addresses.
D.
Embed IAM user credentials directly into the application code.
How to approach this question
Look for the solution that avoids long-term credentials. IAM roles attached to EC2 instances are the AWS best practice.
Full Answer
B.Create an IAM role with S3 access permissions and attach it to an EC2 instance profile.✓ Correct
IAM roles attached via instance profiles allow applications running on EC2 to securely make API requests without managing long-term credentials.
Common mistakes
Choosing to store access keys, which violates security best practices.
Practice the full AWS SAA-C03 Practice Exam 7
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...MediumQ03A company wants to implement federated access to the AWS Management Console for its employees usi...MediumQ04A company is building a mobile application that requires users to sign in using their social medi...EasyQ05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...MediumQ06A company needs to grant a third-party vendor access to an S3 bucket in its AWS account. The vend...Hard