In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?
You cannot create an IAM role.
You can have the application retrieve a set of temporary credentials and use them.
You can specify the role when you launch your instances.
You can define which accounts or AWS services can assume the role.
Explanations:
Youabsolutely cancreate IAM roles. Creating and using IAM roles is the standard and recommended way to delegate permissions to EC2 instances. Therefore, this statement is NOT true and is the correct answer to the question.
When an EC2 instance is launched with an IAM role, applications running on that instance can retrieve temporary credentials from the instance metadata service. This is how they gain the permissions associated with the role.
You specify the IAM role to be associated with an EC2 instance during the instance launch process. This is how the instance is granted the necessary permissions.
When defining an IAM role, you specify a trust policy that determines which entities (AWS accounts, AWS services, or other identities) are allowed to assume that role. This is a crucial part of the IAM role configuration.