Exam AWS Certified Developer Associate topic 1 question 5 discussion

You choice is either User or Role. Creating a role and assigning it to something is preffered over creating a user. An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session. A - Create User (Role is better) B - Create Role C - Add role to Resource D - Create role and add to IAM group (Users live in groups) E - Add User to EC2

A) Eliminated: IAM users are meant for human access, not applications or services.

BC Is correct

Using IAM role is better and using an EC2 instance profile creates opportunity to resuse profile for many more EC2. It does not make sense creating a user role for an AWS service.

BC Is correct

the most secure is role, so option is B and C

- Create an IAM role that has permissions to the S3 bucket. - Add the IAM role to an instance profile. Attach the instance profile to the EC2 instance. We first need to create a n IAM Role with permissions to read and eventually write a specific S3 bucket. Then, we need to attach the role to the EC2 isntance through an instance profile. In this way, the ec2 instance has the permissinos to read and eventually write the specified S3 bucket

Saw this question in the exam today (Feb 2023)

It should be B and C

Instance role over IAM user ALWAYS

B and C

Role always safe. B&C

Should be B&C

Correct!