AWS Certified Cloud Practitioner (CLF-C02) — Question 16

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

Answer options

• A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
• B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
• C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
• D. Modify the S3 bucket policy so that any service can upload to it at any time.

Correct answer: C

Explanation

The correct answer is C because assuming a role provides the EC2 instance with temporary, secure permissions to access the S3 bucket without hardcoding sensitive credentials. Options A and B are insecure as they involve storing access keys in the application or on the instance, which can lead to credential exposure. Option D is also insecure as it allows unrestricted access to the S3 bucket, which is against best practices.