AWS Certified Cloud Practitioner — Question 968

A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon
DynamoDB.
What is the MOST operationally efficient solution to delegate permissions?

Answer options

• A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
• B. Create an IAM user and use its access key and secret access key in the application.
• C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
• D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.

Correct answer: A

Explanation

Attaching an IAM role to an Amazon EC2 instance is the AWS-recommended best practice because AWS automatically manages and rotates temporary credentials for the instance, eliminating the administrative overhead of managing long-lived access keys. Options B and C are incorrect because using long-lived IAM user credentials introduces security risks and operational overhead related to manual key rotation. Option D is incorrect because attaching the role to an administrative user does not delegate the required permissions to the application running on the EC2 instance.