AWS Certified Developer – Associate — Question 319
A developer is building an application on Amazon EC2. The developer encountered an “Access Denied” error on some of the API calls to AWS services while testing. The developer needs to modify permissions that have already been given to the instance.
How can these requirements be met with minimal changes and minimum downtime?
Answer options
- A. Make a new IAM role with the needed permissions. Stop the instance. Attach the new IAM role to the instance. Start the instance.
- B. Delete the existing IAM role. Attach a new IAM role with the needed permissions.
- C. Stop the instance. Update the attached IAM role adding the needed permissions. Start the instance.
- D. Update the attached IAM role adding the needed permissions.
Correct answer: D
Explanation
Updating the permissions of an existing IAM role attached to an Amazon EC2 instance takes effect almost immediately without requiring the instance to be stopped or restarted. This method ensures zero downtime and requires the fewest administrative steps. Options A, B, and C are incorrect because stopping the instance or replacing the role is unnecessary and causes avoidable downtime.