Free AWS Certified Developer Associate DVA-C02 Practice Question

A developer needs to enable an application hosted on Elastic Compute Cloud (EC2) instances to retrieve objects from a storage service that is managed under a separate organizational unit. What measure should be implemented to securely grant the necessary access without storing long-term credentials within the application’s codebase?

  • Assign an Inline policy directly to the storage bucket that permits access to the EC2 instances based on their security group IDs.

  • Embed a generated access and secret key of an IAM user with the necessary permissions into the application's environment variables for resource interaction.

  • Modify the access control configuration on the storage buckets to include the application host instances as explicit grantees for object retrieval.

  • Establish a cross-account IAM role with the required permissions to interact with the storage service and configure the EC2 instances to assume this role when accessing the resources.

This question's topic:
AWS Certified Developer Associate DVA-C02 / 
Security
Your Score:

Check or uncheck an objective to set which questions you will receive.