Which solution meets these requirements?

By:
In: DVA-C02
Tagged:
With: 1 Comment
A developer is creating a new batch application that will run on an Amazon EC2 instance.The application requires read access to an Amazon S3 bucket.The developer needs to follow security best practices to grant S3 read access to the application.

Which solution meets these requirements?

Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.

Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.

Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.

Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

Explanations:

Attaching the permissions to a role and assigning it to the EC2 instance profile follows AWS best practices by using roles for EC2 instances to access other AWS services securely.

IAM groups cannot be attached to EC2 instance profiles; only roles can be attached to EC2 instance profiles for assigning permissions to applications running on EC2.

IAM users cannot be attached to EC2 instance profiles; only roles can be used for EC2 instance profiles to grant access securely.

IAM web identity federation is not necessary for an EC2 instance needing access to S3. Roles should be used directly for secure instance access to other AWS services.

2025-10-05

1 Comment

  1. Abigail
    Author

    I figure that the answer is:
    Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.

Leave a Reply to Abigail Cancel reply

Your email address will not be published. Required fields are marked *

20 + three =