AWS Certified Developer – Associate — Question 309
A company wants to migrate applications from its on-premises servers to AWS. As a first step, the company is modifying and migrating a non-critical application to a single Amazon EC2 instance. The application will store information in an Amazon S3 bucket. The company needs to follow security best practices when deploying the application on AWS.
Which approach should the company take to allow the application to interact with Amazon S3?
Answer options
- A. Create an IAM role that has administrative access to AWS. Attach the role to the EC2 instance.
- B. Create an IAM user. Attach the AdministratorAccess policy. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
- C. Create an IAM role that has the necessary access to Amazon S3. Attach the role to the EC2 instance.
- D. Create an IAM user. Attach a policy that provides the necessary access to Amazon S3. Copy the generated access key and secret key. Within the application code, use the access key and secret key along with the AWS SDK to communicate with Amazon S3.
Correct answer: C
Explanation
Using IAM roles for Amazon EC2 instances is an AWS security best practice because it avoids the risks of hardcoding and managing long-term credentials such as access keys. Furthermore, the principle of least privilege dictates that the role should have only the specific Amazon S3 permissions the application requires, rather than full administrative access. Options that rely on IAM user access keys or administrative roles violate these core security principles.
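The following Python example is added here to illustrate the explanation; it is not part of the exam page. It builds the kind of least-privilege policy document the instance role in option C would carry, and includes a small audit function that flags the wildcard-style statements that the AdministratorAccess choices in options A and B would introduce. The bucket name and the exact set of S3 actions are assumptions for illustration; a real application's needs may differ.

```python
import json

# Constructed sample value: the bucket name is a placeholder, not from the page.
BUCKET = "example-app-data-bucket"


def least_privilege_s3_policy(bucket: str) -> dict:
    """Return an IAM policy document for the EC2 instance role (option C).

    Only the S3 actions the application needs are granted, and they are
    scoped to one bucket. Bucket-level actions (ListBucket) are attached to
    the bucket ARN, while object-level actions use the bucket/* ARN, since
    the two resource types are distinct in IAM.
    The action set is an assumption for this example.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListAppBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "ReadWriteAppObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list; normalise.
    return value if isinstance(value, list) else [value]


def overly_broad_statements(policy: dict) -> list:
    """Return the Sids (or positional labels) of Allow statements that grant
    a wildcard action ("*" or "service:*") or a wildcard resource ("*").

    This is the shape AdministratorAccess produces (options A and B). A
    review step or CI check can reject a role or user policy when the
    returned list is non-empty.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        wildcard_resource = any(r == "*" for r in resources)
        if wildcard_action or wildcard_resource:
            findings.append(stmt.get("Sid", f"Statement[{i}]"))
    return findings


# Constructed for comparison: the shape of an administrative policy.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


if __name__ == "__main__":
    print(json.dumps(least_privilege_s3_policy(BUCKET), indent=2))
    print("Broad statements in admin policy:", overly_broad_statements(ADMIN_POLICY))
    print("Broad statements in scoped policy:",
          overly_broad_statements(least_privilege_s3_policy(BUCKET)))
```

With the scoped policy attached to the instance role, the application code itself carries no credentials at all: an AWS SDK client created without explicit keys (for example `boto3.client("s3")`) walks the default credential chain and obtains the role's short-lived credentials from the instance metadata service, which is exactly what removes the long-term access keys that options B and D would have embedded in the code.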