ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 93 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 93
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon
DynamoDB for storage when creating the CloudFormation template.
Which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?

  • A. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.
  • B. Use the Parameter section in the Cloud Formation template to nave the user input Access and Secret Keys from an already created IAM user that has me permissions required to read and write from the required DynamoDB table.
  • C. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.
  • D. Create an identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and secret keys and pass them to the application instance through user-data.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Dgix at March 30, 2021, 5:02 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Dgix
Highly Voted 3 years, 5 months ago
A: "...and associate the Role to the application instances by referencing an instance profile" C: "...and reference the Role in the instance profile property of the application instance" The correct answer is not C, as the instance profile property of an instance doesn't refer to an IAM Role, it refers to an Instance Profile, which is a resource in its own right. Therefore, the correct answer is A.
upvoted 7 times
ExtHo
3 years, 5 months ago
It would be A if you were doing it directly in EC2. However, since it says you have to use CloudFormation then you have to add the reference to the profile in the template. This means the answer is C. When we doing with CloudFormation Template we need to update under properties. See following. Type: AWS::IAM::InstanceProfile Properties: InstanceProfileName: String Path: String Roles: - String
upvoted 15 times
01037
3 years, 4 months ago
Yes it's C
upvoted 2 times
...
...
...
codeScalable
Most Recent 20 hours, 1 minute ago
Selected Answer: C
The correct answer is C. You've got to take a closer look at the difference between A & C
upvoted 1 times
...
amministrazione
7 months ago
A. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.
upvoted 1 times
...
JPA210
1 year, 1 month ago
Selected Answer: A
I would go to A like TigerInTheCloud say: I prefer A. Normally we, at least me, use the term "attach" or "associate". AWS CLI iam subcommand 'add-role-to-instance-profile' and ec2 subcommand 'associate-iam-instance-profile' perform the task. Also, just checked, term, associate not reference, is used in AWS document. C is not wrong , is true that we reference the Role in the instance profile, but we just do not use that term. We use attach or associate.
upvoted 1 times
...
SkyZeroZx
1 year, 9 months ago
Selected Answer: C
The correct answer is option C: Create an Identity and Access Management (IAM) Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance. By creating an IAM Role and associating it with the instance profile of the application instances, you can grant the necessary permissions to access DynamoDB without exposing API credentials. The IAM Role acts as a set of temporary security credentials that can be assumed by the instances. This approach follows the recommended security best practices of AWS.
upvoted 1 times
...
TigerInTheCloud
2 years, 2 months ago
Selected Answer: A
English test :-) I prefer A. Normally we, at least me, use the term "attach" or "associate". AWS CLI iam subcommand 'add-role-to-instance-profile' and ec2 subcommand 'associate-iam-instance-profile' perform the task. Also, just checked, term, associate not reference, is used in AWS document, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
upvoted 1 times
hobokabobo
2 years, 2 months ago
Question ask for Cloudformation template and not Cli. Makes all the difference.
upvoted 1 times
...
...
cldy
3 years, 3 months ago
C. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago