Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 38 discussion

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

  • A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
  • B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
  • C. Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
  • D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.
Suggested Answer: B

Comments

Untamables
Highly Voted 2 years, 1 month ago
Selected Answer: B
The correct answer is B. https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket Option A also works, but it is not compliant with the AWS security practice of least privilege permissions.
upvoted 11 times
yeacuz
1 year, 11 months ago
Option B only allows you to list the bucket - you will still not see the objects if only s3:ListBucket permission is configured.
upvoted 3 times
yeacuz
Highly Voted 1 year, 11 months ago
Selected Answer: A
Option A allows you to list buckets AND objects. Option B only allows you to list the bucket - you will still not see the objects if only s3:ListBucket permission is configured.
upvoted 5 times
nbxyzd
6 months ago
Hey, don't mislead the others, please. Read the official document carefully before posting here.
upvoted 3 times
Jeremy11
1 year, 9 months ago
Not true: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html To use this action in an AWS Identity and Access Management (IAM) policy, you must have permission to perform the s3:ListBucket action.
upvoted 3 times
ec8or
1 year, 1 month ago
Answer is A: The question is not stating that the list of buckets cannot be seen, but that the objects within the list cannot be seen. It seems the dev already has the s3:ListBucket option; it's the objects part that is missing.
upvoted 1 times
aaaaatoz
Most Recent 4 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html For example, the s3:ListBucket permission allows the user to use the Amazon S3 ListObjectsV2 operation. (The s3:ListBucket permission is a case where the action name doesn't map directly to the operation name.)
upvoted 2 times
sumanshu
4 months, 1 week ago
Selected Answer: B
A) Eliminated - Too permissive: Grants more permissions than needed (S3:*), violating the principle of least privilege.
B) Correct - Minimal permissions: Only grants the permission needed for the application to perform the ListBucket operation. Permissions are tied to the EC2 instance's IAM instance profile, limiting access to that instance.
C) Eliminated - The developer’s permissions are unrelated to the application running on the EC2 instance.
D) Eliminated - Grants permissions at the S3 bucket policy level, which applies to all resources in the account, not just the EC2 instance.
upvoted 1 times
65703c1
11 months, 1 week ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
Vaibs099
1 year ago
B is correct. The question is asking to list the objects that are stored in the S3 bucket. s3:ListBucket gives a bucket-level object list.
upvoted 1 times
ibratoev
1 year, 1 month ago
The correct answer is B. Option A works as well, but only listing the files is mentioned as a requirement.
upvoted 1 times
ninomfr64
1 year, 8 months ago
Selected Answer: B
It is B, but I had to dig into docs to learn that to use ListObjectsV2, in an AWS Identity and Access Management (IAM) policy, you must have permission to perform the s3:ListBucket action. https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
upvoted 2 times
jipark
1 year, 8 months ago
Is there anyone who can explain D? - S3 bucket policy
upvoted 3 times
nmc12
1 year, 7 months ago
Option D is not the most secure choice, as utilizing bucket policies and specifying account numbers can potentially lead to overly complex and less secure configurations, especially if not managed carefully. To implement option B, follow this, and it is most secure!!!

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::your-bucket-name"
        }
      ]
    }
upvoted 1 times
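An added example (not part of the thread and not AWS's own evaluation code): a simplified Python model of IAM identity-policy matching that shows which S3 operations the option B policy above grants compared with an `s3:*` grant, and what happens when `s3:ListBucket` is scoped to object ARNs. The operation table, the resource list chosen for the `s3:*` policy, the mis-scoped policy and all function names are assumptions for illustration; explicit Deny, conditions and bucket policies are not modelled.

```python
from fnmatch import fnmatchcase

# S3 API operation -> (IAM action it requires, resource type it is checked against)
OPERATIONS = {
    "ListObjectsV2": ("s3:ListBucket", "bucket"),
    "GetObject": ("s3:GetObject", "object"),
    "PutObject": ("s3:PutObject", "object"),
    "DeleteObject": ("s3:DeleteObject", "object"),
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, operation, bucket, key="example.txt"):
    """True if some Allow statement covers the operation (Allow-only model)."""
    action, kind = OPERATIONS[operation]
    arn = f"arn:aws:s3:::{bucket}"
    if kind == "object":
        arn += f"/{key}"
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; '*' in an ARN pattern also spans '/'.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(arn, r) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False  # nothing matched: implicit deny

def granted_operations(policy, bucket):
    return sorted(op for op in OPERATIONS if is_allowed(policy, op, bucket))

def make_policy(action, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": resource}]}

BUCKET = "your-bucket-name"  # placeholder name from the policy above
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"

OPTION_B = make_policy("s3:ListBucket", BUCKET_ARN)
# Assumed shape of option A: s3:* on the bucket and on every object in it.
OPTION_A = make_policy("s3:*", [BUCKET_ARN, f"{BUCKET_ARN}/*"])
# Constructed mis-scoping: a bucket-level action attached only to object ARNs.
MISSCOPED = make_policy("s3:ListBucket", f"{BUCKET_ARN}/*")

if __name__ == "__main__":
    for name, pol in [("B", OPTION_B), ("A", OPTION_A), ("mis-scoped", MISSCOPED)]:
        print(name, granted_operations(pol, BUCKET))
```
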
s50600822
1 year, 10 months ago
A violated the least privilege principle, so B
upvoted 3 times
yashika2005
1 year, 11 months ago
Selected Answer: B
The s3:ListBucket permission allows the user to use the Amazon S3 GET Bucket (List Objects) operation. Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html
upvoted 3 times
svrnvtr
2 years, 1 month ago
Selected Answer: B
It is B
upvoted 4 times