Which approach should the company take to allow the application to interact with Amazon S3?

By:
In: DVA-C01
Tagged:
With: 2 Comments
A company wants to migrate applications from its on-premises servers to AWS.As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance.The application will store information in an Amazon S3 bucket.The company needs to follow security best practices when deploying the application on AWS.

Which approach should the company take to allow the application to interact with Amazon S3?

Create an IAM role that has administrative access to AWS. Attach the role to the EC2 instance.

Create an IAM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

Create an IAM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.

Explanations:

While creating an IAM role with administrative access and attaching it to the EC2 instance provides access to S3, it does not follow the principle of least privilege, which recommends granting only the necessary permissions for specific tasks.

Using an IAM user with AdministratorAccess and hardcoding access keys within the application code is not a best practice. It exposes sensitive credentials and lacks the security benefits of using IAM roles, which allow temporary credentials and automatic rotation.

Creating an IAM role with the necessary access permissions to S3 and attaching it to the EC2 instance is the best practice. It allows the application to assume the role, providing temporary credentials without hardcoding sensitive information, aligning with the principle of least privilege.

Similar to option B, using an IAM user with access keys hardcoded in the application is insecure. While it may grant necessary permissions, it does not leverage the security advantages of using IAM roles, such as automatic credential management and reduced risk of key exposure.

2026-04-03

2 Comments

  1. Janet
    Author

    I suspect that the answer is:
    Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

  2. Ethan
    Author

    I think the answer is:
    Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen − seven =