AWS Certified Developer – Associate — Question 61
A developer designed an application on an Amazon EC2 instance. The application makes API requests to objects in an Amazon S3 bucket.
Which combination of steps will ensure that the application makes the API requests in the MOST secure manner? (Choose two.)
Answer options
- A. Create an IAM user that has permissions to the S3 bucket. Add the user to an IAM group.
- B. Create an IAM role that has permissions to the S3 bucket.
- C. Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance.
- D. Create an IAM role that has permissions to the S3 bucket. Assign the role to an IAM group.
- E. Store the credentials of the IAM user in the environment variables on the EC2 instance.
Correct answer: B, C
Explanation
The correct combination is B and C. An IAM role attached to the EC2 instance through an instance profile lets the application obtain temporary credentials, which enhances security by eliminating the need to hard-code sensitive information. Options A and E are less secure: using an IAM user and storing its credentials in environment variables on the instance increases the risk of exposure. Option D incorrectly suggests assigning an IAM role to an IAM group, which IAM does not support, because groups contain only IAM users.