AWS Certified Cloud Practitioner (CLF-C02) — Question 221

A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages.

Which AWS service or feature will give the application permission to access required AWS services?

Answer options

• A. AWS Certificate Manager (ACM)
• B. IAM roles
• C. AWS Security Hub
• D. Amazon GuardDuty

Correct answer: B

Explanation

IAM roles are specifically designed to provide permissions to applications or services to access AWS resources securely. In contrast, AWS Certificate Manager (ACM) is for managing SSL/TLS certificates, AWS Security Hub is a security management service, and Amazon GuardDuty is a threat detection service, none of which grant permissions for service access.