How can these requirements be met with minimal changes and minimum downtime?

By:
In: DVA-C01
Tagged:
With: 1 Comment
A developer is building an application on Amazon EC2.The developer encountered an “Access Denied” error on some of the API calls to AWS services while testing.The developer needs to modify permissions that have been already given to the instance.

How can these requirements be met with minimal changes and minimum downtime?

Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance.

Delete the existing IAM role. Attach a new IAM role with the needed permissions.

Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance.

Update the attached IAM role adding the needed permissions.

Explanations:

Creating a new IAM role and stopping the instance to attach it would result in unnecessary downtime and complexity, as existing roles can be modified directly without needing to create a new one.

Deleting the existing IAM role is not necessary and could lead to further permission issues. It would also involve downtime since roles cannot be switched without stopping the instance.

While updating the attached IAM role by stopping the instance is a feasible method, it introduces unnecessary downtime as the instance needs to be stopped and started.

Updating the attached IAM role to add the needed permissions can be done without stopping the instance, allowing for minimal changes and no downtime. IAM role changes take effect immediately.

2025-10-08

1 Comment

  1. Kenneth
    Author

    It appears that the answer is:
    Update the attached IAM role adding the needed permissions.

Leave a Reply

Your email address will not be published. Required fields are marked *

eighteen − two =