Answer-first summary for fast verification
Answer: Fix the IAM permissions for the EC2 instance role
Fix the IAM permissions for the EC2 instance role You should use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. In this case, make sure your role has access to the S3 bucket. Incorrect options: Fix the IAM permissions for the CodeDeploy service role - The fact that CodeDeploy deployed the application to EC2 instances tells us that there was no issue between those two. The actual issue is between the EC2 instances and S3. Make the S3 bucket public - This is not a good practice, you should strive to provide least privilege access. You may have files in here that should not be allowed public access and you are opening the door to security breaches. Enable CodeDeploy Proxy - This is not correct as we don't need to look into CodeDeploy settings but rather between EC2 and S3 permissions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As an AWS Certified Developer Associate, you are responsible for ensuring seamless deployments and application functionality. Recently, you successfully executed an AWS CodeDeploy deployment to T2 instances. This new application revision involves making API calls to Amazon S3. However, post-deployment, the application is experiencing authorization exceptions, which indicates possible permission issues.
Given this scenario, what steps should you take to troubleshoot and resolve the issue?
A
Enable CodeDeploy Proxy
B
Make the S3 bucket public
C
Fix the IAM permissions for the EC2 instance role
D
Fix the IAM permissions for the CodeDeploy service role
No comments yet.