Which solution meets these requirements?

By:
On:
In: DVA-C01
Tagged:
With: 0 Comments
A developer is creating a new batch application that will run on an Amazon EC2 instance.The application requires read access to an Amazon S3 bucket.The developer needs to follow security best practices to grant S3 read access to the application.

Which solution meets these requirements?

Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.

Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.

Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.

Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

Explanations:

This solution follows security best practices by creating an IAM policy with the necessary permissions and attaching the policy to a role. The role is then assigned to the EC2 instance profile, granting the application the required permissions in a secure and scalable manner.

Attaching permissions to an IAM group and then assigning the group to an EC2 instance profile is incorrect. EC2 instance profiles must be associated with IAM roles, not IAM groups.

Attaching the policy to an IAM user and then attaching the user to the EC2 instance profile is incorrect. EC2 instance profiles must be associated with IAM roles, not users.

IAM web identity federation is used to allow temporary access for external identities (e.g., from a web application or mobile app), not for EC2 instances.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × 4 =