Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 163 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 163
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy:



When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

  • A. Modify the IAM policy resource to be “arn:aws:dynamodb:us-west-2:account-id:table/*”.
  • B. Modify the IAM policy to include the dynamodb:* action.
  • C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.
  • D. Create a trust relationship between the role and dynamodb.amazonaws.com.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by fordiscussionstwo at Oct. 6, 2023, 2:07 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
LemonGremlin
Highly Voted 11 months ago
Selected Answer: C
The most reasonable answer here is C. But I think the question is missing some information. https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/
upvoted 6 times
konieczny69
7 months, 2 weeks ago
What is a trust policy? I know trust relationship, not a trust policy.
upvoted 1 times
...
...
wh1t4k3r
Most Recent 3 weeks ago
Selected Answer: C
Well, I will guess that this question is badly written on purpose. Anyway: C makes more sense since A and B are going against best practices of least privilege. D makes no sense since the role must trust the service that will use it rather then the service that will be accessed.
upvoted 1 times
...
65703c1
3 months, 3 weeks ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
PrakashM14
11 months ago
Selected Answer: D
D.Create a trust relationship between the role and dynamodb.amazonaws.com. Explanation: Trust Relationship: In AWS, a trust relationship defines who or what entity can assume a role. In this case, the role attached to the EC2 instance needs to trust DynamoDB. The trust relationship is specified in a JSON policy document. DynamoDB Service Principal: The correct service principal for DynamoDB is dynamodb.amazonaws.com. This is the entity that the role needs to trust to allow access to DynamoDB resources.
upvoted 1 times
konieczny69
7 months, 2 weeks ago
Complete nonsense. Role needs to trust EC2, since its the EC2 who is to assume the role.
upvoted 3 times
...
...
Digo30sp
11 months, 2 weeks ago
Selected Answer: C
https://www.examtopics.com/discussions/amazon/view/96497-exam-aws-certified-developer-associate-topic-1-question-380/
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel