Exam AWS Certified Cloud Practitioner topic 1 question 172 discussion

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

✅ IAM Roles allow applications running on AWS (such as EC2, Lambda, or ECS) to assume temporary security credentials without storing long-term access keys. ✅ They use the AWS Security Token Service (STS) to grant permissions dynamically. ✅ This enhances security by preventing hardcoding of credentials in the application code.

An IAM role is the best practice when an application or service needs AWS credentials and authorizations to use AWS services

D is not a role guys, it's a security measure.

A. IAM role As a best practice for granting AWS credentials and authorizations to a web application, you should use an IAM role. IAM roles are a secure way to grant permissions to AWS resources, such as services or applications, without the need for long-term access keys (access key ID and secret access key). Roles are typically assumed by trusted entities, like AWS services or EC2 instances, to securely delegate access to resources. Using IAM roles for web applications is generally recommended over IAM users (B) or IAM groups (C) because they provide temporary credentials and reduce the risk associated with long-lived access keys. IAM multi-factor authentication (MFA) (D) is a security feature that adds an extra layer of protection to IAM users but is not directly related to granting credentials and authorizations to a web application.

The answer is A and the proof is in this URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

D. IAM multi-factor authentication (MFA) "We recommend using IAM roles for human users and workloads that access your AWS resources so that they use temporary credentials. However, for scenarios in which you need an IAM user or root user in your account, require MFA for additional security. With MFA, users have a device that generates a response to an authentication challenge. Each user's credentials and device-generated response are required to complete the sign-in process. " https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users

Answer is D. IAM multi-factor authentication (MFA) https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html Require multi-factor authentication (MFA) https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users

IAM roles are designed to be assumed by trusted entities, such as AWS services or applications, to obtain temporary security credentials. They are recommended for scenarios where you want to grant permissions to entities that you do not want to create and manage long-term IAM users for. By assigning an IAM role to the web application, the application can assume the role and obtain temporary security credentials. These credentials can then be used to make authorized API requests to AWS services on behalf of the application, without the need to directly embed long-term access keys or IAM user credentials in the application code. IAM roles provide an added layer of security by allowing you to define fine-grained permissions and policies for the role. This ensures that the web application only has access to the necessary AWS services and resources required for its functionality, reducing the risk of unauthorized access or misuse.

the company should use IAM roles to grant AWS credentials and authorizations to its web application. IAM roles are a secure way to grant permissions to an entity that needs to access AWS resources. In this case, the web application needs to access AWS services using AWS credentials and authorizations. By using an IAM role, the web application can assume the role and gain temporary security credentials to access the AWS services. This eliminates the need to store and manage long-term access keys or secret keys within the application code, reducing the risk of accidental exposure or misuse. IAM roles can be assigned policies that define the specific permissions required by the web application to access the necessary AWS services. This allows the company to grant the least privilege required for the web application to function correctly.

D is the answer

D is the answer

"requires AWS credentials and authorizations" is the key to this answer. It is D MFA. The role assigns the credentials, but the authorizations (plural) is suggesting more than one way to authorize.

A is the answer.