From a security perspective, what is the ideal way for the EC2 instance/application to be configured?

Posted by: Pdfprep Category: SCS-C01

An application is designed to run on an EC2 instance. The application needs to work with an S3 bucket.

From a security perspective, what is the ideal way for the EC2 instance/application to be configured?
A. Use the AWS access keys ensuring that they are frequently rotated.
B. Assign an IAM user to the application that has specific access to only that S3 bucket
C. Assign an IAM Role and assign it to the EC2 Instance
D. Assign an IAM group and assign it to the EC2 Instance

Answer: C

Explanation:

The diagram below, from the AWS whitepaper, shows the security best practice of allocating a role that has access to the S3 bucket.

Options A, B and D are invalid because using users, groups or access keys is an invalid security practice when giving access to resources from other AWS resources.

For more information on the security best practices, please visit the following URL:

https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

The correct answer is: Assign an IAM Role and assign it to the EC2 Instance