AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company runs several applications on Amazon EC2 instances that need to read and write data to an Amazon S3 bucket. As a Solutions Architect, you need to design a secure solution that allows the applications to access the S3 bucket, following AWS security best practices. Which approach should you recommend?
Create an IAM user with access keys, and store the access keys in the EC2 instances to grant access to the S3 bucket.
Use the root user credentials to configure access on the EC2 instances for the S3 bucket.
Add the EC2 instances to an IAM group that has permissions to access the S3 bucket.
Assign an IAM role to the EC2 instances with a policy that grants the necessary permissions to access the S3 bucket.
Using an IAM role attached to the EC2 instances is the recommended approach. IAM roles provide temporary security credentials that are automatically managed by AWS, eliminating the need to store long-term credentials in the instances. This adheres to AWS security best practices and the principle of least privilege by granting nothing more than the necessary permissions. IAM users have permanent credentials. Storing them in the EC2 instances poses key management burden and security concerns. Using the root user credentials poses significant security risks and violates the least privilege principle where only the required permissions should be granted. EC2 instances cannot be added to IAM groups, as groups are intended for IAM users, not resources or services.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are IAM roles and why are they important in AWS?
Open an interactive chat with Bash
What is the principle of least privilege, and how does it apply to AWS?
Open an interactive chat with Bash
What are the security risks of using root user credentials in AWS?