An application running on EC2 instances needs to access objects in an S3 bucket. The security team mandates that no hardcoded credentials are used. How should a solutions architect meet this requirement?

Answer options:

Store IAM user credentials in AWS Secrets Manager and retrieve them at runtime.

Assign an IAM role with appropriate S3 permissions to the EC2 instances.

Create an S3 bucket policy that allows access from the EC2 instance's public IP address.

Embed temporary STS tokens in the application code.

How to approach this question

Look for the native AWS method for granting compute resources access to other AWS services.

Full Answer

B.Assign an IAM role with appropriate S3 permissions to the EC2 instances.✓ Correct

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role for EC2 provides temporary credentials to applications running on the instance.

Common mistakes

Thinking Secrets Manager is required for AWS service-to-service authentication.

Question 01 All questions Question 03

Practice the full AWS SAA-C03 Practice Exam 5

65 questions · hints · full answers · grading

More questions from this exam

Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...Easy Q03A company is designing a VPC for a multi-tier web application. They need to block specific malici...Medium Q04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Hard Q05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium Q06A financial company requires that all data stored in Amazon S3 is encrypted at rest using keys ma...Hard

View all 65 questions →