What actions should be taken to troubleshoot the issue while maintaining least privilege?
(Choose two.)
Configure and assign an MFA device to the role used by the instances.
Verify that the SQS resource policy does not explicitly deny access to the role used by the instances.
Verify that the access key attached to the role used by the instances is active.
Attach the AmazonSQSFullAccess managed policy to the role used by the instances.
Verify that the role attached to the instances contains policies that allow access to the queue.
Explanations:
Configuring and assigning an MFA device is unrelated to resolving the access issue with SQS. MFA is typically used for user authentication, not for EC2 instances interacting with SQS.
Verifying the SQS resource policy ensures there are no explicit denies in the policy, which could block access to the queue. This is an important step in troubleshooting IAM access issues.
The access key attached to the role used by the instances is not relevant because IAM roles do not use access keys directly. Roles use temporary credentials that are automatically managed.
Attaching the AmazonSQSFullAccess policy grants excessive permissions, which violates the least privilege principle. It’s better to troubleshoot using the existing role permissions.
Verifying that the role attached to the instances contains the correct permissions for accessing the queue is a crucial step in troubleshooting the issue while adhering to least privilege.
In my experience, the answer is:
Verify that the SQS resource policy does not explicitly deny access to the role used by the instances.