Which approach should the company take to allow the application to interact with Amazon S3?
A. Create an IAM role that has administrative access to AWS. Attach the role to the EC2 instance.
B. Create an IAM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
C. Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.
D. Create an IAM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
Explanations:
A. Attaching a role with administrative access to the EC2 instance grants excessive permissions, violating the principle of least privilege. It’s better to grant only the necessary permissions.
B. Using an IAM user with hardcoded access keys is not a best practice, as it poses a security risk if the keys are exposed. IAM roles are preferred for AWS service access.
C. Creating an IAM role with the necessary access to Amazon S3 and attaching it to the EC2 instance follows best practices, giving the application secure, temporary credentials to interact with S3.
D. Similar to option B, using an IAM user with hardcoded access keys is not secure. It’s best to use IAM roles instead of IAM users for service interactions in AWS.