AWS Certified Solutions Architect – Professional — Question 465

In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?

Answer options

• A. You cannot create an IAM role.
• B. You can have the application retrieve a set of temporary credentials and use them.
• C. You can specify the role when you launch your instances.
• D. You can define which accounts or AWS services can assume the role.

Correct answer: A

Explanation

You can absolutely create an IAM role to delegate permissions to EC2 instances, making statement A false and thus the correct answer. The other options accurately describe EC2 IAM role capabilities, including launching instances with a specified role, defining trust policies, and retrieving temporary credentials via the instance metadata service.