Exam: AWS Certified Cloud Practitioner 0 Likes

A company hosts an application on an Amazon EC2 instance. The EC2 (CLF-C02)

Updated on 08/31/2024

A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB.

What is the MOST operationally efficient solution to delegate permissions?

A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.


Solution

Correct answer: A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
This is the most operationally efficient solution because:

IAM roles are designed to delegate permissions to AWS resources, such as EC2 instances, without the need to manage access keys.
By attaching the role to the EC2 instance, the instance can access the required AWS resources (S3 and DynamoDB) without the need to store or manage access keys.
This approach also eliminates the need to rotate access keys, which can be a security and operational burden.
The other options are less efficient:
B. Creating an IAM user and using its access key and secret access key in the application requires managing and rotating access keys, which can be a security and operational burden.
C. Creating an IAM user and using its access key and secret access key to create a CLI profile in the EC2 instance is also not the most efficient solution, as it still requires managing and rotating access keys.
D. Creating an IAM role and attaching it to the administrative IAM user is not the correct solution, as the role should be attached to the EC2 instance, not the IAM user.

By using an IAM role, you can delegate permissions to the EC2 instance in a secure and operationally efficient way.

Category: Basic AWS services

There are no comments yet.

Authentication required

You must log in to post a comment.
Log in to like this solution

Log in

Support us!
Subscribe Now

Cookies Consent

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All" you consent to our use of cookies. Privacy Policy.