Exam: AWS Certified Cloud Practitioner (CLF-C02)
A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB.
What is the MOST operationally efficient solution to delegate permissions?
A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile on the EC2 instance.
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.
Solution
Correct answer: A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
This is the most operationally efficient solution because:
IAM roles are designed to delegate permissions to AWS resources, such as EC2 instances, without the need to manage access keys.
By attaching the role to the EC2 instance, the instance can access the required AWS resources (S3 and DynamoDB) without the need to store or manage access keys.
This approach also eliminates the need to rotate access keys, which can be a security and operational burden.
The other options are less efficient:
B. Creating an IAM user and using its access key and secret access key in the application requires managing and rotating access keys, which can be a security and operational burden.
C. Creating an IAM user and using its access key and secret access key to create a CLI profile in the EC2 instance is also not the most efficient solution, as it still requires managing and rotating access keys.
D. Creating an IAM role and attaching it to the administrative IAM user is not the correct solution, as the role should be attached to the EC2 instance, not the IAM user.
By using an IAM role, you can delegate permissions to the EC2 instance in a secure and operationally efficient way.
Category: Basic AWS services