AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An application running in an Amazon EC2 instance requires access to an Amazon S3 bucket to read and write data. What is the most secure method to grant the application the required permissions?
Assign an IAM role to the EC2 instance with the required permissions.
Embed AWS access keys in the application source code.
Store AWS credentials in the instance in an encrypted file.
Use environment variables to store AWS access keys on the instance.
Assigning an IAM role to the EC2 instance with the required permissions is the most secure method. IAM roles provide temporary security credentials that applications can use to access AWS services without the need to store credentials in the instance. The instance profile associated with the IAM role supplies these credentials securely through the instance metadata service.
Hardcoding AWS access keys or storing them in the instance, even in encrypted files or environment variables, poses a risk of credential exposure if the instance or the source code is compromised. IAM roles eliminate the need to manage long-term credentials, enhancing the overall security of the application.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an IAM role?
Open an interactive chat with Bash
What is the instance metadata service?
Open an interactive chat with Bash
Why is hardcoding AWS access keys a security risk?