AWS Certified Solutions Architect – Professional — Question 353
Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.
Answer options
- A. When AWS credentials are rotated, developers have to update only the root Amazon EC2 instance that uses their credentials.
- B. When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
- C. When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
- D. When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.
Correct answer: C
Explanation
Assigning an IAM role to an Amazon EC2 instance allows applications to securely access AWS resources using temporary security credentials that AWS automatically rotates. This eliminates the operational overhead of manually managing credentials and mitigates the security risks associated with long-term secrets. Consequently, options A, B, and D are incorrect as they falsely suggest manual credential management is still required.