AWS Certified Developer – Associate (DVA-C02) — Question 353
A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.
Which approach should the company take to allow the application to interact with Amazon S3?
Answer options
- A. Create an IAM role that has administrative access to AWS. Attach the role to the EC2 instance.
- B. Create an IAM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
- C. Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.
- D. Create an IAM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
Correct answer: C
Explanation
Attaching an IAM role directly to the EC2 instance (Option C) is the recommended AWS best practice because the role provides temporary credentials, which removes the risk of storing long-term access keys in the application code (as in Options B and D). The role should also follow the principle of least privilege: it grants only the permissions the application needs for Amazon S3, not full administrative access (Option A).
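As an added illustration (not part of the original question), the two policy documents behind Option C and a small check that distinguishes them from the over-privileged Option A: a trust policy that lets only the EC2 service assume the role, and a permissions policy scoped to one bucket. The bucket name and the admin policy are constructed sample values.

```python
import json

# Constructed placeholder bucket name for the example.
BUCKET = "example-app-bucket"


def ec2_trust_policy():
    """Trust policy for the role: only the EC2 service may assume it (Option C)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def s3_least_privilege_policy(bucket):
    """Permissions limited to one bucket and the object actions the app needs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


# Constructed sample: the shape of an "administrative access" policy (Option A).
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def is_over_privileged(policy):
    """Heuristic: True if any Allow statement grants a wildcard action ("*" or
    "service:*") or a wildcard resource. Used to reject Option A-style roles."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            return True
    return False


if __name__ == "__main__":
    # With the role attached to the instance, the AWS SDK picks up temporary
    # credentials automatically; the application code contains no keys at all.
    print(json.dumps(s3_least_privilege_policy(BUCKET), indent=2))
    print("least-privilege:", not is_over_privileged(s3_least_privilege_policy(BUCKET)))
```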