Which solution will meet this requirement with the LEAST application disruption?

By:
In: DVA-C02
Tagged:
With: 1 Comment
A developer is running an application on an Amazon EC2 instance.When the application tries to read an Amazon S3 bucket, the application fails.The developer notices that the associated IAM role is missing the S3 read permission.The developer needs to give the application the ability to read the S3 bucket.

Which solution will meet this requirement with the LEAST application disruption?

Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.

Add the permission to the role so that the change will take effect automatically.

Add the permission to the role. Hibernate and restart the existing EC2 instance.

Add the permission to the S3 bucket. Restart the EC2 instance.

Explanations:

Terminating the EC2 instance and launching a new one would cause unnecessary disruption and downtime, as the application would need to be re-deployed. This does not provide the least disruption.

Adding the permission to the IAM role will allow the change to take effect immediately for the existing EC2 instance, enabling the application to read from the S3 bucket without any downtime.

While adding the permission to the role is correct, hibernating and restarting the instance is not necessary and introduces additional steps that could cause delays. The permission change takes effect without a restart.

Adding permission to the S3 bucket does not solve the issue with the IAM role and does not provide the required permissions to the EC2 instance’s application. Restarting the EC2 instance is also unnecessary for this solution.

2025-10-10

1 Comment

  1. Roger
    Author

    I categorize that the answer is:
    Add the permission to the role so that the change will take effect automatically.

Leave a Reply

Your email address will not be published. Required fields are marked *

one + five =