AWS Certified Cloud Practitioner — Question 147
A company stores configuration files in an Amazon S3 bucket. These configuration files must be accessed by applications that are running on Amazon EC2 instances.
According to AWS security best practices, how should the company grant permissions to allow the applications to access the S3 bucket?
Answer options
- A. Use the AWS account root user access keys.
- B. Use the AWS access key ID and the EC2 secret access key.
- C. Use an IAM role with the necessary permissions.
- D. Activate multi-factor authentication (MFA) and versioning on the S3 bucket.
Correct answer: C
Explanation
The correct answer is C: an IAM role allows applications running on EC2 instances to access the S3 bucket securely without hardcoding credentials. Option A is incorrect because using root user access keys poses significant security risks. Option B is also not recommended, due to similar security concerns with using access key IDs and secret access keys directly. Option D does not grant access permissions to the S3 bucket; MFA and versioning enhance security but do not address the access requirement.