An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the MOST secure way to grant the EC2 instances access to the S3 bucket?

Answer options:

Store IAM user access keys in a configuration file on the EC2 instances.

Create an IAM role with S3 access permissions and attach it to an EC2 instance profile.

Make the S3 bucket public and restrict access using a bucket policy based on the EC2 instance IP addresses.

Embed IAM user credentials directly into the application code.

How to approach this question

Look for the solution that avoids long-term credentials. IAM roles attached to EC2 instances are the AWS best practice.

B.Create an IAM role with S3 access permissions and attach it to an EC2 instance profile.✓ Correct

Create an IAM role with S3 access permissions and attach it to an EC2 instance profile.

IAM roles attached via instance profiles allow applications running on EC2 to securely make API requests without managing long-term credentials.

Choosing to store access keys, which violates security best practices.

65 questions · hints · full answers · grading