AWS Certified Developer – Associate — Question 136

A developer is deploying an application on Amazon EC2 instances that run in Account A. The application needs to read data from an existing Amazon Kinesis data stream in Account B.

Which actions should the developer take to provide the application with access to the stream? (Choose two.)

Answer options

• A. Update the instance profile role in Account A with stream read permissions.
• B. Create an IAM role with stream read permissions in Account B.
• C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.
• D. Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.
• E. Add a resource-based policy in Account B to allow read access from the instance profile role.

Correct answer: B, C

Explanation

The correct answer includes creating an IAM role with stream read permissions in Account B and adding a trust policy to allow the instance profile role to assume this IAM role. Option A is incorrect as it does not address the necessary permissions in Account B, while D fails to establish the required trust relationship between the roles. Option E does not provide the necessary IAM role configuration for the EC2 instance in Account A.