An application is designed to run on an EC2 instance. The application needs to work with an S3 bucket.
From a security perspective, what is the ideal way for the EC2 instance/application to be configured?
A. Use the AWS access keys ensuring that they are frequently rotated.
B. Assign an IAM user to the application that has specific access to only that S3 bucket.
C. Assign an IAM Role and assign it to the EC2 Instance.
D. Assign an IAM group and assign it to the EC2 Instance.
Answer: C
Explanation:
The diagram below, from the AWS whitepaper, shows the security best practice of allocating a role that has access to the S3 bucket.
Options A, B and D are invalid because using users, groups or access keys is an invalid security practice when giving access to resources from other AWS resources.
For more information on security best practices, please visit the following URL:
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
The correct answer is: Assign an IAM Role and assign it to the EC2 Instance