AWS Certified Cloud Practitioner — Question 962

In which situations should a company create an IAM user instead of an IAM role? (Choose two.)

Answer options

• A. When an application that runs on Amazon EC2 instances requires access to other AWS services
• B. When the company creates AWS access credentials for individuals
• C. When the company creates an application that runs on a mobile phone that makes requests to AWS
• D. When the company needs to add users to IAM groups
• E. When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time

Correct answer: B, D

Explanation

IAM users represent specific individuals who require long-term AWS credentials and can be organized into IAM groups for easier permission management. In contrast, IAM roles are designed for temporary access and are best suited for EC2 instances, mobile applications, or federated corporate users who require single sign-on without dedicated IAM user accounts.