Answer-first summary for fast verification
Answer: Use an IAM role
Use an IAM role IAM roles have been incorporated so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles. Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the IAM console, the console creates an instance profile automatically and gives it the same name as the role to which it corresponds. This is the most secure option as the role assigned to EC2 can be used to access S3 without storing any credentials onto the EC2 instance. Incorrect options: Create an IAM programmatic user and store the access key and secret access key on the EC2 ~/.aws/credentials file. - While this would work, this is highly insecure as anyone gaining access to the EC2 instance would be able to steal the credentials stored in that file. Use EC2 User Data - EC2 User Data is used to run bootstrap scripts at an instance's first launch. This option is not the right fit for the given use-case. Create an S3 bucket policy that authorizes public access - While this would work, it would allow anyone to access your S3 bucket files. So this option is ruled out.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An e-commerce application operates on an EC2 instance and is responsible for processing customer orders every night. These orders are stored in an Amazon S3 bucket. Given the requirement for secure access, what method would you recommend for the EC2 instance to connect to the S3 bucket to retrieve the orders?
A
Create an S3 bucket policy that authorises public access
B
Create an IAM programmatic user and store the access key and secret access key on the EC2 ~/.aws/credentials file.
C
Use an IAM role
D
Use EC2 User Data
No comments yet.