AWS Certified Developer – Associate (DVA-C02) — Question 478

A developer is troubleshooting the permissions of an application that needs to make changes to an Amazon RDS database. The developer has access to the IAM role that the application is using.

Which command structure should the developer use to test the role permissions?

Answer options

• A. aws sts assume-role
• B. aws iam attach-role-policy
• C. aws ssm resume-session
• D. aws rds add-role-to-db-cluster

Correct answer: A

Explanation

The aws sts assume-role command returns temporary security credentials that allow the developer to act as the IAM role and verify its active permissions. Other options like aws iam attach-role-policy modify the role's policies rather than testing them, while aws ssm resume-session and aws rds add-role-to-db-cluster serve entirely different purposes related to Systems Manager and RDS cluster associations.