ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 493 discussion

Exam question from Amazon's AWS-SysOps
Question #: 493
Topic #: 1
[All AWS-SysOps Questions]

A user has created an application which will be hosted on EC2. The application makes API calls to DynamoDB to fetch certain data. The application running on this instance is using the SDK for making these calls to DynamoDB. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

  • A. The user should create an IAM user with permissions to access DynamoDB and use its creden-tials within the application for connecting to DynamoDB
  • B. The user should create an IAM user with DynamoDB and EC2 permissions. Attach the user with the application so that it does not use the root account credentials
  • C. The user should attach an IAM role to the EC2 instance with necessary permissions for making API calls to DynamoDB.
  • D. The user should create an IAM role with EC2 permissions to deploy the application
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the ap-plication.
Instead, the user should use roles for EC2 and give that role access to DynamoDB /S3. When the roles are attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB / S3.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
by sen12 at March 16, 2020, 12:05 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
albert_kuo
10 months, 1 week ago
Selected Answer: C
The best practice for security in this scenario is to attach an IAM role to the EC2 instance. By doing so, the application running on the EC2 instance can use the credentials provided by the IAM role to authenticate and make API calls to DynamoDB. This eliminates the need to store and manage access credentials within the application code or use the root account credentials, enhancing security and simplifying the management of access permissions.
upvoted 1 times
...
TroyMcLure
2 years, 6 months ago
Correct Answer: C
upvoted 1 times
...
a_w_s
2 years, 7 months ago
Answer C
upvoted 1 times
...
sen12
2 years, 7 months ago
Attach IAM Roles to access AWS resources
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago