AWS Certified Developer – Associate (DVA-C02) — Question 224
A developer is working on an application that is deployed on an Amazon EC2 instance. The developer needs a solution that will securely transfer files from the application to an Amazon S3 bucket.
What should the developer do to meet these requirements in the MOST secure way?
Answer options
- A. Create an IAM user. Create an access key for the IAM user. Store the access key in the application’s environment variables.
- B. Create an IAM role. Create an access key for the IAM role. Store the access key in the application’s environment variables.
- C. Create an IAM role. Configure the IAM role to access the specific Amazon S3 API calls the application requires. Associate the IAM role with the EC2 instance.
- D. Configure an S3 bucket policy for the S3 bucket. Configure the S3 bucket policy to allow access for the EC2 instance ID.
Correct answer: C
Explanation
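The correct answer is C. Associating an IAM role with the EC2 instance lets the application access the S3 bucket with temporary credentials supplied through the role, so no access keys are hardcoded or stored, and limiting the role to the specific S3 API calls the application requires keeps its permissions to the minimum needed. Options A and B are less secure because they store access keys in the application's environment variables, where they can be compromised. Option D is less secure because it relies on a bucket policy that may expose the S3 bucket to unintended access.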