Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 4 discussion

The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance. This approach enhances security by minimizing the exposure of long-term credentials and following the principle of least privilege. The EC2 instance assumes a role with specific permissions to interact with the S3 bucket, and AWS automatically rotates temporary credentials for the instance. Options A and B involve storing IAM user's secret keys on the EC2 instance, which is not recommended due to security risks. Option D, modifying the S3 bucket policy to allow any service to upload to it at any time, is also not recommended as it may lead to security vulnerabilities and compromises the principle of least privilege.

Have the EC2 instance assume a role to obtain the privileges to upload the file

Best security practice as it provides temporary credentials with the necessary permissions without storing static keys.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file. Using IAM roles and granting EC2 instances permissions to assume these roles is the best practice for managing access to AWS resources securely. By assigning an IAM role to the EC2 instance and configuring the necessary permissions in the role's policy, you can ensure that the EC2 instance has the appropriate permissions to access the S3 bucket without the need to hard code or store sensitive credentials on the instance. This approach follows the principle of least privilege and enhances security by reducing the risk of exposure of access keys or secrets

C. Have the EC2 instance assume a role to obtain the privileges to upload the file. is correct.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file. Using IAM roles to grant permissions to EC2 instances is a more secure and manageable method compared to hard coding or storing access keys directly on the instance. By assigning an IAM role to the EC2 instance, you can define the necessary permissions for accessing the S3 bucket without exposing any sensitive credentials. This follows the principle of least privilege, ensuring that the EC2 instance only has the permissions it needs to perform its intended tasks, enhancing overall security posture.

The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.

Option C is correct

yes C is correct

Have the EC2 instance assume a role to obtain the privileges to upload the file.

Answer is C.

C obviously

C is the correct one

You definitely need a role to access the S3 bucket as best practice! https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket#