What steps are required after the deployment to meet the requirements?
(Choose two.)
Create tasks using the bridge network mode.
Create tasks using the awsvpc network mode.
Apply security groups to Amazon EC2 instances, and use IAM roles for EC2 instances to access other resources.
Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources.
Apply security groups to the tasks, and use IAM roles for tasks to access other resources.
Explanations (one per option, in the order listed above):
The bridge network mode does not allow for fine-grained security controls at the task level, which is needed to meet the least privilege requirement.
The awsvpc network mode assigns each task its own Elastic Network Interface (ENI), enabling better isolation and security through the use of security groups directly applied to the tasks.
While applying security groups to EC2 instances is a valid security practice, this does not meet the requirement of applying least privilege at the task level within a containerized architecture.
Passing IAM credentials into the container can lead to security risks and does not follow AWS best practices for task-level security. It is better to use IAM roles for tasks.
Applying security groups to the tasks and using IAM roles for tasks allows for controlled access to other resources while adhering to the least privilege principle.