AWS Certified Developer – Associate — Question 230
A developer is running an application on an Amazon EC2 instance. When the application tries to read an Amazon S3 bucket, the application fails. The developer notices that the associated IAM role is missing the S3 read permission. The developer needs to give the application the ability to read the S3 bucket.
Which solution will meet this requirement with the LEAST application disruption?
Answer options
- A. Add the permission to the role. Terminate the existing EC2 instance. Launch a new EC2 instance.
- B. Add the permission to the role so that the change will take effect automatically.
- C. Add the permission to the role. Hibernate and restart the existing EC2 instance.
- D. Add the permission to the S3 bucket. Restart the EC2 instance.
Correct answer: B
Explanation
The correct answer is B because a permission added to the IAM role applies immediately to the running EC2 instance, with no need to restart it or launch a new instance. Options A and C require terminating or hibernating the instance, which causes unnecessary disruption, while option D incorrectly suggests changing the bucket permissions instead of the IAM role.