AWS Certified SysOps Administrator – Associate — Question 404

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

Answer options

• A. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
• B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
• C. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
• D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Correct answer: D

Explanation

Assigning an IAM role to an EC2 instance profile is the AWS-recommended best practice for granting permissions to applications running on EC2 instances, as it avoids hardcoding long-term credentials. Options A and C are incorrect because access keys and IAM users should not be embedded or assigned to instance profiles. Option B is incorrect because EC2 key pairs are used for SSH/RDP access to instances, not for granting API permissions to services like DynamoDB.