AWS Certified Solutions Architect – Associate (SAA-C02) — Question 264

A user wants to list the IAM role that is attached to their Amazon EC2 instance. The user has login access to the EC2 instance but does not have IAM permissions.
What should a solutions architect do to retrieve this information?

Answer options

• A. Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info
• B. Run the following EC2 command: curl http://169.254.169.254/latest/user-data/iam/info
• C. Run the following EC2 command: http://169.254.169.254/latest/dynamic/instance-identity/
• D. Run the following AWS CLI command: aws iam get-instance-profile --instance-profile-name ExampleInstanceProfile

Correct answer: A

Explanation

Querying the instance metadata service (IMDS) at the link http://169.254.169.254/latest/meta-data/iam/info allows a user with local access to retrieve the IAM role details directly from the instance without requiring IAM API permissions. Option B is incorrect because user-data is used for launch scripts, while Option C points to the instance identity document which does not contain the IAM role. Option D is incorrect because executing AWS CLI IAM commands requires active IAM permissions, which the user does not have.