AWS Certified Developer Associate DVA-C02 Practice Question
Your application, hosted on multiple Amazon EC2 instances, needs to perform periodic data processing tasks on an Amazon S3 bucket. The tasks require the application to have read, write, and list permissions on the bucket. To align with security best practices, which action should you take to grant these S3 permissions to the application?
Configure a resource-based policy on the S3 bucket to grant the EC2 instances the required permissions.
Create an IAM user for each EC2 instance with permissions to access the S3 bucket and store the credentials in a configuration file on each instance.
Attach an IAM managed policy with the required S3 permissions directly to the EC2 instances.
Create an IAM role with the specified S3 permissions and attach it to the EC2 instances using an instance profile.
Attaching an instance profile that contains an IAM role with the necessary S3 permissions to your EC2 instances is the recommended solution for this scenario. This allows the application to assume the IAM role and obtain temporary credentials, which it uses to access the S3 bucket. The instance profile is what lets the EC2 instance securely make API calls to AWS services using the role's permissions. Unlike static credentials, these temporary credentials are automatically rotated and managed by AWS. Creating individual IAM users does not scale across multiple instances, and hard-coding credentials is a security risk that violates the AWS recommended practice of not embedding secrets in code. Using a resource-based policy on the S3 bucket is not possible, as it cannot grant the EC2 instances the permission they need to assume a role.
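The two policy documents behind the role-and-instance-profile answer, as an added example that is not part of the original question: the trust policy that lets EC2 assume the role, a permissions policy scoped to one bucket, and a small check for over-broad or mis-scoped statements. The bucket name and the mapping of read, write and list to s3:GetObject, s3:PutObject and s3:ListBucket are assumptions.

```python
import json

BUCKET = "example-data-bucket"  # hypothetical bucket name (assumption)

def trust_policy():
    # Who may assume the role: the EC2 service, on behalf of the instance.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def s3_policy(bucket):
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        # List is a bucket-level action, so it targets the bucket ARN itself.
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        # Read and write are object-level, so they target the keys under it.
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": [arn + "/*"]}]}

def as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def lint(policy, bucket):
    """Flag statements that are broader than, or mis-scoped for, one bucket."""
    arn, findings = f"arn:aws:s3:::{bucket}", []
    for n, st in enumerate(policy["Statement"]):
        actions, resources = as_list(st["Action"]), as_list(st["Resource"])
        for a in actions:
            if "*" in a:
                findings.append(f"stmt {n}: wildcard action {a}")
        for r in resources:
            if r not in (arn, arn + "/*"):
                findings.append(f"stmt {n}: resource outside bucket {r}")
        if "s3:ListBucket" in actions and arn not in resources:
            findings.append(f"stmt {n}: s3:ListBucket needs the bucket ARN")
        if {"s3:GetObject", "s3:PutObject"} & set(actions) and arn + "/*" not in resources:
            findings.append(f"stmt {n}: object actions need {arn}/*")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(s3_policy(BUCKET), indent=2))
    print(lint(s3_policy(BUCKET), BUCKET))
```

The role carries both documents; the instance profile is the container that attaches that role to each instance, so no access keys are stored on disk.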