AWS Certified Developer – Associate (DVA-C02) — Question 524

A developer is using AWS CodeDeploy to launch an application onto Amazon EC2 instances. The application deployment fails during testing. The developer notices an IAM_ROLE_PERMISSIONS error code in Amazon CloudWatch logs.

What should the developer do to resolve the error?

Answer options

• A. Ensure that the deployment group is using the correct role name for the CodeDeploy service role.
• B. Attach the AWSCodeDeployRoleECS policy to the CodeDeploy service role.
• C. Attach the AWSCodeDeployRole policy to the CodeDeploy service role.
• D. Ensure the CodeDeploy agent is installed and running on all instances in the deployment group.

Correct answer: C

Explanation

The IAM_ROLE_PERMISSIONS error indicates that the service role used by AWS CodeDeploy does not have the required permissions to interact with Amazon EC2 resources. Attaching the AWSCodeDeployRole managed policy grants the service role the necessary permissions for EC2 deployments. The AWSCodeDeployRoleECS policy is intended for ECS-based deployments and would not resolve this EC2-specific error.