ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 185 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 185
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3.

How can a solutions architect ensure that the application has permission to access Amazon S3?

  • A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container.
  • B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition.
  • C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster.
  • D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Nigma at Nov. 16, 2022, 2:10 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Buruguduystunstugudunstuy
Highly Voted 1 year ago
Selected Answer: B
To ensure that an Amazon Elastic Container Service (ECS) application has permission to access Amazon Simple Storage Service (S3), the correct solution is to create an AWS Identity and Access Management (IAM) role with the necessary S3 permissions and specify that role as the taskRoleArn in the task definition for the ECS application. Option B, creating an IAM role with S3 permissions and specifying that role as the taskRoleArn in the task definition, is the correct solution to meet the requirement.
upvoted 14 times
Buruguduystunstugudunstuy
1 year ago
Option A, updating the S3 role in IAM to allow read/write access from ECS and relaunching the container, is not the correct solution because the S3 role is not associated with the ECS application. Option C, creating a security group that allows access from ECS to S3 and updating the launch configuration used by the ECS cluster, is not the correct solution because security groups are used to control inbound and outbound traffic to resources, and do not grant permissions to access resources. Option D, creating an IAM user with S3 permissions and relaunching the EC2 instances for the ECS cluster while logged in as this account, is not the correct solution because it is generally considered best practice to use IAM roles rather than IAM users to grant permissions to resources.
upvoted 9 times
...
...
Guru4Cloud
Most Recent 3 months, 1 week ago
Selected Answer: B
B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition
upvoted 4 times
...
cookieMr
6 months ago
Selected Answer: B
Option B: Create an IAM role with S3 permissions and specify that role as the taskRoleArn in the task definition. This approach allows the ECS task to assume the specified role and gain the necessary permissions to access Amazon S3. Option A is incorrect because updating the S3 role in IAM and relaunching the container does not associate the updated role with the ECS task. Option C is incorrect because creating a security group that allows access from Amazon ECS to Amazon S3 does not grant the necessary permissions to the ECS task. Option D is incorrect because creating an IAM user with S3 permissions and relaunching the EC2 instances for the ECS cluster does not associate the IAM user with the ECS task.
upvoted 4 times
...
dydzah
6 months, 3 weeks ago
https://repost.aws/knowledge-center/ecs-fargate-access-aws-services
upvoted 2 times
...
k1kavi1
12 months ago
Selected Answer: B
https://www.examtopics.com/discussions/amazon/view/27954-exam-aws-certified-solutions-architect-associate-saa-c02/ https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html
upvoted 2 times
...
techhb
1 year ago
Selected Answer: B
The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf.
upvoted 3 times
...
BENICE
1 year ago
Option B
upvoted 2 times
...
career360guru
1 year ago
Selected Answer: B
Option B.
upvoted 3 times
...
k1kavi1
1 year ago
Selected Answer: B
Agreed
upvoted 1 times
...
lighrz
1 year ago
Selected Answer: B
B is the best answer
upvoted 1 times
...
Wpcorgan
1 year, 1 month ago
B is correct
upvoted 1 times
...
taer
1 year, 1 month ago
Selected Answer: B
The answer is B.
upvoted 1 times
...
Nigma
1 year, 1 month ago
B is the answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago