Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
The user should attach an IAM role with DynamoDB access to the EC2 instance
The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
The user should create an IAM role, which has EC2 access so that it will allow deploying the application
The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials
Explanations:
Attaching an IAM role with appropriate DynamoDB access to the EC2 instance is the best practice. The EC2 instance can automatically assume the IAM role, and the application can securely use the associated permissions to access DynamoDB without requiring hard-coded credentials.
Using an IAM user with DynamoDB access and embedding its credentials in the application is not recommended. Storing access keys in the application can lead to security risks, as they may be exposed. IAM roles provide a more secure way to handle permissions.
Creating an IAM role with EC2 access alone does not address the need to access DynamoDB. The IAM role should include the necessary permissions to interact with DynamoDB as well. EC2 access is not sufficient by itself.
Creating an IAM user and attaching it to the application with both DynamoDB and EC2 access is not recommended due to security risks. Embedding IAM user credentials in the application is not a best practice, and IAM roles should be used instead.
I reckon the answer is:
The user should attach an IAM role with DynamoDB access to the EC2 instance