AWS Certified Developer – Associate (DVA-C02) — Question 122
A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket.
Which policy must the developer modify to allow the instances to write these objects?
Answer options
- A. The IAM policy that is attached to the EC2 instance profile role
- B. The session policy that is applied to the EC2 instance role session
- C. The AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instance profile role
- D. The Amazon VPC endpoint policy
Correct answer: A
Explanation
The correct answer is A because the IAM policy attached to the EC2 instance profile role governs the instance's permissions to access AWS resources, including Amazon S3. The other options do not directly grant the necessary permissions for writing to S3: they pertain to session policies, KMS key policies, or VPC endpoint policies, which do not control S3 access from EC2 instances.