Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 112 discussion

Option A is correct because IAM roles are used to grant permissions to AWS services, such as EC2 instances, to access other AWS services, such as S3 buckets. The policy assigned to the IAM role attached to the EC2 instances should be checked to ensure that it grants access to the S3 bucket. Option B is also correct because the S3 bucket policy controls access to the S3 bucket. The S3 bucket policy should be checked to ensure that the access permissions are correctly configured.

EC2 instances typically assume an IAM role to interact with AWS services like S3. If the attached IAM role does not have the correct permissions, the EC2 instance will not be able to access the S3 bucket. Even if the IAM role grants S3 permissions, the bucket policy might explicitly deny access or restrict access to certain principals (users or roles). C) Eliminated - EC2 instances do not use IAM users to access AWS services. D) Eliminated - An S3 Lifecycle policy is used for managing object lifecycles (e.g., moving objects to Glacier or deleting old versions). It does not control access permissions. E) Eliminated - Security groups control inbound and outbound traffic at the network level

AB is the correct answer.

AB is the correct answer.

Incorrectly stated question. Its not mentioned how does the application us IAM, that is wether its STS or user credentials. AC is as well perfectly correct answer.

The two steps most relevant to troubleshooting the issue are: A. Check whether the policy that is assigned to the IAM role that is attached to the EC2 instances grants access to Amazon S3. B. Check the S3 bucket policy to validate the access permissions for the S3 bucket.

https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket

Explanation: A. IAM Role Policy: EC2 instances are typically associated with IAM roles. These roles have policies attached to them that define the permissions the instances have. If the instances are unable to access an S3 bucket, it's essential to verify that the IAM role assigned to the EC2 instances has the necessary permissions to interact with S3. E. Security Groups: Security groups act as virtual firewalls for EC2 instances. They control inbound and outbound traffic. If the EC2 instances are unable to access S3, it's possible that the associated security group is blocking outbound traffic to the S3 service. Make sure the security group rules allow outbound traffic to the S3 service.

The correct steps to troubleshoot the issue are: A. Check whether the policy that is assigned to the IAM role that is attached to the EC2 instances grants access to Amazon S3. E. Check the security groups that are assigned to the EC2 instances. Make sure that a rule is not blocking the access to Amazon S3. Explanation: E. Security Groups: Security groups act as virtual firewalls for EC2 instances. They control inbound and outbound traffic. If the EC2 instances are unable to access S3, it's possible that the associated security group is blocking outbound traffic to the S3 service. Make sure the security group rules allow outbound traffic to the S3 service.

Why not E ?

AB https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket

AE B. Check the S3 bucket policy to validate the access permissions for the S3 bucket. The S3 bucket policy controls who has access to the bucket, but it does not control how they can access it. The IAM role or user that is attached to the EC2 instances must have the appropriate permissions to access the bucket, regardless of what the S3 bucket policy says. C. Check whether the policy that is assigned to the IAM user that is attached to the EC2 instances grants access to Amazon S3. This is unlikely to be the cause of the issue, as the IAM role is what is typically used to control access to AWS resources. D. Check the S3 Lifecycle policy to validate the permissions that are assigned to the S3 bucket. The S3 Lifecycle policy controls how objects are stored and moved in Amazon S3. It does not control who has access to the bucket.

A: Make sure EC2 instance profile has permission to access s3 B: Make sure S3 resource policy allows the access from instance