A company stores all personally identifiable information (PII) in an Amazon DynamoDB table named PII in Account A. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrator in Account A created an IAM role named AccessPII with privileges to access the PII table, and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table? (Choose two.)
A. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.
B. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
C. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
D. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.
E. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.
Answer: CE
Leave a Reply