AWS Certified Solutions Architect – Associate (SAA-C02) — Question 50
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis. An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.
Which action will MOST securely grant the EC2 instance access to the S3 bucket?
Answer options
- A. Attach a resource-based policy to the S3 bucket.
- B. Create an IAM user for the application with specific permissions to the S3 bucket.
- C. Associate an IAM role with least privilege permissions to the EC2 instance profile.
- D. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls.
Correct answer: C
Explanation
The correct answer is C because associating an IAM role with least-privilege permissions to the EC2 instance profile is a secure way to grant the necessary access without exposing credentials. Option A is less secure, as it involves resource-based policies, which can be broader than necessary. Option B creates an IAM user, which is not ideal for this scenario. Option D is insecure, as storing AWS credentials on the EC2 instance can lead to security risks.