Which action will MOST securely grant the EC2 instance access to the S3 bucket?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis.An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Which action will MOST securely grant the EC2 instance access to the S3 bucket?

Attach a resource-based policy to the S3 bucket.

Create an IAM user for the application with specific permissions to the S3 bucket.

Associate an IAM role with least privilege permissions to the EC2 instance profile.

Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls.

Explanations:

Attaching a resource-based policy to the S3 bucket can grant access, but it is not the most secure method for an EC2 instance, as it does not leverage the IAM role feature which is designed for this purpose.

Creating an IAM user for the application involves managing access keys, which is less secure than using roles. IAM users can lead to credential management issues.

Associating an IAM role with least privilege permissions to the EC2 instance profile is the most secure method. It allows the EC2 instance to access S3 without embedding credentials and can be managed dynamically.

Storing AWS credentials directly on the EC2 instance is insecure, as it exposes sensitive information and creates a risk of credential leakage.

2025-10-09

1 Comment

  1. Henry
    Author

    As I recall, the answer is:
    Associate an IAM role with least privilege permissions to the EC2 instance profile.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 − eight =