Oracle Cloud Infrastructure 2020 Architect Associate — Question 22

You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?

Answer options

• A. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.
• B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
• C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy.
• D. Deploy the application and the SDK to all the instances that belong to the dynamic group.

Correct answer: B

Explanation

The correct answer is B because instance principals allow instances to authenticate without the need for Auth Tokens; they use the metadata service instead. The other options (A, C, and D) are essential steps in setting up instance principals correctly by defining which instances can access the APIs, ensuring they have the required permissions, and deploying the application.