Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 38 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02

Question #: 38
Topic #: 1

[All AWS Certified Developer - Associate DVA-C02 Questions]

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
C. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.

Show Suggested Answer

Suggested Answer: B 🗳️

by svrnvtr at March 21, 2023, 10:41 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

Untamables

Highly Voted 2 years, 3 months ago

Selected Answer: B

The correct answer is B. https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket Option A also works, but it is not compliant to the AWS security practice of the least privilege permissions.

upvoted 11 times

yeacuz

2 years, 1 month ago

Option B only allows you to list the bucket - you will still not see the objects if only s3:ListBucket permission is configured.

upvoted 3 times

...

yeacuz

Highly Voted 2 years, 2 months ago

Selected Answer: A

Option A allows you to list buckets AND objects. Option B only allows you to list the bucket - you will still not see the objects if only s3:ListBucket permission is configured.

upvoted 5 times

nbxyzd

8 months, 2 weeks ago

Hey, don't mislead the others, please. Read the official document carefully before posting here.

upvoted 3 times

...

Jeremy11

1 year, 11 months ago

Not true: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html To use this action in an AWS Identity and Access Management (IAM) policy, you must have permission to perform the s3:ListBucket action.

upvoted 3 times

ec8or

1 year, 3 months ago

Answer is A: The questions is not stating the the list of buckets cannot seen but the objects within the lists cannot be seen. Seems the dev already has the s3:ListBucket option its the objects part that is missing.

upvoted 1 times

...

aaaaatoz

Most Recent 6 months, 3 weeks ago

Selected Answer: B

https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html For example, the s3:ListBucket permission allows the user to use the Amazon S3 ListObjectsV2 operation. (The s3:ListBucket permission is a case where the action name doesn't map directly to the operation name.)

upvoted 2 times

...

sumanshu

6 months, 3 weeks ago

Selected Answer: B

A) Eliminated - Too permissive: Grants more permissions than needed (S3:*), violating the principle of least privilege. B) Correct - Minimal permissions: Only grants the permission needed for the application to perform the ListBucket operation. Permissions are tied to the EC2 instance's IAM instance profile, limiting access to that instance. C) Eliminated - The developer’s permissions are unrelated to the application running on the EC2 instance. D) Eliminated - Grants permissions at the S3 bucket policy level, which applies to all resources in the account, not just the EC2 instance.

upvoted 2 times

...

65703c1

1 year, 1 month ago

Selected Answer: B

B is the correct answer.

upvoted 1 times

...

Vaibs099

1 year, 2 months ago

B is correct, Question is asking for lists the objects that are stored in the S3 bucket. s3:ListBucket gives bucket level objects list.

upvoted 1 times

...

ibratoev

1 year, 3 months ago

The correct answer is B. Option A works as well but only listing the files is mentioned as requirement.

upvoted 1 times

...

ninomfr64

1 year, 10 months ago

Selected Answer: B

It is B, but I had to dig into docs to learn that to use ListObjectsV2, in an AWS Identity and Access Management (IAM) policy, you must have permission to perform the s3:ListBucket action. https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html

upvoted 2 times

...

jipark

1 year, 11 months ago

are there anyone who can explain D ? - S3 bucket policy

upvoted 3 times

nmc12

1 year, 9 months ago

Option D is not the most secure choice, as utilizing bucket policies and specifying account numbers can potentially lead to overly complex and less secure configurations, especially if not managed carefully. To implement option B, follow these and it most secure!!! { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::your-bucket-name" } ] }

upvoted 1 times

...

s50600822

2 years, 1 month ago

A violated least privilege principle so B

upvoted 3 times

...

yashika2005

2 years, 1 month ago

Selected Answer: B

the s3:ListBucket permission allows the user to use the Amazon S3 GET Bucket (List Objects) operation. Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html

upvoted 3 times

...

yashika2005

2 years, 1 month ago

upvoted 1 times

...

svrnvtr

2 years, 3 months ago

Selected Answer: B

It is B

upvoted 4 times

...