What steps are required after the deployment to meet the requirements?
(Choose two.)
Create tasks using the bridge network mode.
Create tasks using the awsvpc network mode.
Apply security groups to Amazon EC2 instances, and use IAM roles for EC2 instances to access other resources.
Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources.
Apply security groups to the tasks, and use IAM roles for tasks to access other resources.
Explanations:
The bridge network mode does not support task-level network isolation in a microservice architecture on AWS: security groups can only be attached to the host EC2 instance, not to individual tasks, so least-privilege network access cannot be enforced per task.
The awsvpc network mode allows each task to have its own elastic network interface (ENI) and a unique private IP address. This mode supports the application of security groups directly to tasks, which enhances security by allowing fine-grained network controls consistent with the least privilege principle.
While applying security groups to EC2 instances and using IAM roles for EC2 instances is a valid approach, it does not directly apply the principle of least privilege for the containerized architecture, as it does not focus on task-level permissions and security.
Passing IAM credentials into containers at launch time creates long-lived static secrets that can be exposed through the task definition, the container environment, or logs. It also bypasses IAM roles for tasks, which is the supported and more secure method of granting permissions.
Applying security groups to the tasks and using IAM roles for tasks provides control at the task level while following the least privilege principle. IAM roles for tasks give each task's containers temporary credentials scoped to that role and valid only while the task runs, which is a security best practice.
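As an added example (not part of the original question or its explanations), the following Python lint checks an ECS task definition and the service's network configuration for the properties the correct options require: awsvpc network mode, an IAM role for tasks, a security group on the task ENI, and no static credentials in the container environment. The task definition contents, role ARN, subnet and security group ids are constructed placeholders.

```python
"""Lint an ECS task definition (and service network config) against the
least-privilege properties discussed above. The field names used here
(networkMode, taskRoleArn, containerDefinitions, environment,
networkConfiguration.awsvpcConfiguration) are the ECS API names."""

# Environment variables that indicate static credentials injected at launch
STATIC_CRED_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def lint_task(task_def, network_config=None):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    if task_def.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc so each task gets its own ENI "
                        "and can carry its own security group")
    if not task_def.get("taskRoleArn"):
        findings.append("taskRoleArn missing: grant permissions through an IAM "
                        "role for tasks, not credentials passed into the container")
    for cdef in task_def.get("containerDefinitions", []):
        for env in cdef.get("environment", []):
            if env.get("name") in STATIC_CRED_VARS:
                findings.append(f"container {cdef.get('name')}: static credential "
                                f"{env['name']} passed via environment")
    # With awsvpc, an omitted securityGroups list means the VPC default group is used
    awsvpc = (network_config or {}).get("awsvpcConfiguration", {})
    if task_def.get("networkMode") == "awsvpc" and not awsvpc.get("securityGroups"):
        findings.append("service networkConfiguration has no securityGroups; "
                        "the task ENI would fall back to the VPC default group")
    return findings


# Constructed sample: the weak configuration (bridge mode, injected credentials)
WEAK_TASK = {
    "family": "orders-svc", "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "orders", "image": "example.com/orders:1.0",
        "environment": [{"name": "AWS_ACCESS_KEY_ID", "value": "AKIA-PLACEHOLDER"},
                        {"name": "AWS_SECRET_ACCESS_KEY", "value": "PLACEHOLDER"}]}]}

# Constructed sample: the hardened configuration (awsvpc, task role, task-level SG)
HARDENED_TASK = {
    "family": "orders-svc", "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/orders-task-role",  # placeholder
    "containerDefinitions": [{
        "name": "orders", "image": "example.com/orders:1.0",
        "environment": [{"name": "ORDERS_TABLE", "value": "orders"}]}]}
HARDENED_NETWORK = {"awsvpcConfiguration": {"subnets": ["subnet-PLACEHOLDER"],
                                            "securityGroups": ["sg-PLACEHOLDER"]}}

if __name__ == "__main__":
    print("weak:", lint_task(WEAK_TASK))
    print("hardened:", lint_task(HARDENED_TASK, HARDENED_NETWORK))
```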