Which solution will meet this requirement with the LEAST application disruption?
Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.
Add the permission to the role so that the change will take effect automatically.
Add the permission to the role. Hibernate and restart the existing EC2 instance.
Add the permission to the S3 bucket. Restart the EC2 instance.
Explanations:
Terminating the existing EC2 instance and launching a new one causes unnecessary disruption and does not directly address the permission issue. The IAM role can be updated without requiring instance termination.
Adding the S3 read permission to the IAM role will allow the changes to take effect automatically for the running EC2 instance. IAM role permissions are applied dynamically without needing to restart the instance.
While hibernating and restarting might apply the new permissions, this is unnecessary since IAM role permissions can take effect without restarting the instance. Restarting causes more disruption than needed.
Modifying the S3 bucket policy is not required to give the EC2 instance read access to the bucket, because the IAM role associated with the EC2 instance controls the permissions. Restarting the instance does not resolve the missing IAM permissions.