Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 556 discussion

A solutions architect is using an AWS CloudFormation template to deploy a three-tier web application. The web application consists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web and application tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2 instances need to access the DynamoDB tables without exposing API credentials in the template.

What should the solutions architect do to meet these requirements?

  • A. Create an IAM role to read the DynamoDB tables. Associate the role with the application instances by referencing an instance profile.
  • B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile, and associate the instance profile with the application instances.
  • C. Use the parameter section in the AWS CloudFormation template to have the user input access and secret keys from an already-created IAM user that has the required permissions to read and write from the DynamoDB tables.
  • D. Create an IAM user in the AWS CloudFormation template that has the required permissions to read and write from the DynamoDB tables. Use the GetAtt function to retrieve the access and secret keys, and pass them to the application instances through the user data.
Suggested Answer: B
Community vote distribution
B (87%)
13%
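
Option B written out as a CloudFormation template, as an added example that is not part of the original question or discussion. The logical IDs, the parameter names, the instance type and the exact list of DynamoDB actions are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: App tier EC2 instance that reaches DynamoDB through an instance role

Parameters:
  AppAmiId:                 # hypothetical parameter: AMI for the application tier
    Type: AWS::EC2::Image::Id
  UserTableName:            # hypothetical parameter: existing DynamoDB table name
    Type: String

Resources:
  # Role that EC2 may assume; no IAM user and no access keys are created.
  AppRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: UserTableReadWrite
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:                 # read AND write, scoped to one table
                  - dynamodb:GetItem
                  - dynamodb:Query
                  - dynamodb:PutItem
                  - dynamodb:UpdateItem
                  - dynamodb:DeleteItem
                Resource: !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${UserTableName}"

  # The instance profile is the container that carries the role to EC2.
  AppInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref AppRole

  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AppAmiId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref AppInstanceProfile   # Ref returns the profile name
```

The template has no Parameters entry or UserData field holding an access key or secret key; the AWS SDK on the instance obtains temporary credentials for the role from the instance metadata service.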

Comments

upliftinghut
8 months, 1 week ago
Selected Answer: B
best practice is using IAM role for database access. From app to DB => need both read & write, only B meets these 2
upvoted 3 times
...
pentium75
9 months ago
Selected Answer: B
Application "stores and retrieves" data in DynamoDB while A grants only access "to read".
upvoted 3 times
...
Nisarg2121
11 months, 2 weeks ago
Selected Answer: B
B is correct; A is totally wrong because it says "read the DynamoDB tables", so what about writing to the database?
upvoted 4 times
...
darekw
1 year, 1 month ago
The question says: "...application tier stores and retrieves user data in Amazon DynamoDB tables...", so it needs read and write access. A) is only read access. B) seems to be the right answer.
upvoted 2 times
...
Guru4Cloud
1 year, 1 month ago
Selected Answer: B
Option B is the correct approach to meet the requirements:
  • Create an IAM role with permissions to access DynamoDB
  • Add the IAM role to an EC2 Instance Profile
  • Associate the Instance Profile with the application EC2 instances
This allows the instances to assume the IAM role to obtain temporary credentials to access DynamoDB.
upvoted 3 times
...
anibinaadi
1 year, 1 month ago
Explanation. Both A and B seem suitable. But Option A is incorrect because it says “Associate the role with the application instances by referencing an instance profile”, which is only a part of the solution. In the API/AWS CLI, the following steps are required to complete the Role -> instance profile association -> to instance:
1. Create an IAM Role
2. add-role-to-instance-profile (aws iam add-role-to-instance-profile --role-name S3Access --instance-profile-name Webserver)
3. associate-iam-instance-profile (aws ec2 associate-iam-instance-profile --instance-id i-123456789abcde123 --iam-instance-profile Name=admin-role)
Hence Option B is correct.
upvoted 3 times
...
DannyKang5649
1 year, 1 month ago
Selected Answer: B
Why "No read and write" ? The question clearly states that application tier STORE and RETRIEVE the data from DynamoDB. Which means write and read... I think answer should be B
upvoted 3 times
...
xyb
1 year, 1 month ago
Selected Answer: B
https://www.examtopics.com/discussions/amazon/view/80755-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 2 times
...
Ale1973
1 year, 1 month ago
Selected Answer: B
My rationale: Option A is wrong because the scenario says "stores and retrieves user data in Amazon DynamoDB tables", STORES and RETRIEVE, if you set a role to READ, you can write on DynamoDB database
upvoted 2 times
...
mrsoa
1 year, 1 month ago
Selected Answer: A
AAAAAAAAA
upvoted 2 times
pentium75
9 months ago
No because it grants only read access
upvoted 3 times
...
...
kangho
1 year, 1 month ago
Selected Answer: A
A is correct
upvoted 1 times
pentium75
9 months ago
No because it grants only read access
upvoted 3 times
...
...