Answer-first summary for fast verification
Answer: Create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile
Create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile As an AWS security best practice, you should not create an IAM user and pass the user's credentials to the application or embed the credentials in the application. Instead, create an IAM role that you attach to the EC2 instance to give temporary security credentials to applications running on the instance. When an application uses these credentials in AWS, it can perform all of the operations that are allowed by the policies attached to the role. So for the given use-case, you should create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An IT company operates a web application hosted on Amazon EC2 instances. The application requires read-only access to an Amazon DynamoDB table to retrieve data.
As a Developer Associate, what is the best-practice solution you would recommend to achieve this requirement?
A
Run application code with AWS account root user credentials to ensure full access to all AWS services
B
Create an IAM role with an AmazonDynamoDBReadOnlyAccess policy and apply it to the EC2 instance profile
C
Create an IAM user with Administrator access and configure AWS credentials for this user on the given EC2 instance
D
Create a new IAM user with access keys. Attach an inline policy to the IAM user with read-only access to DynamoDB. Place the keys in the code. For security, redeploy the code whenever the keys rotate
No comments yet.