AWS Certified Solutions Architect – Associate (SAA-C03) — Question 26

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.
What should the solutions architect do to meet this requirement?

Answer options

• A. Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.
• B. Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.
• C. Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.
• D. Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.

Correct answer: A

Explanation

The correct answer is A because creating an IAM role specifically allows EC2 instances to assume the role and access the S3 bucket without needing to manage credentials. The other options involve IAM policies, groups, or users, which are not appropriate for granting access directly to EC2 instances in this context.