
Explanation:
To enable the application in Account B to access the PII table in Account A, the following steps are required:
1) The EC2 IAM role in Account B must have permission to assume the AccessPII role. This is done by granting that permission to the EC2 IAM role, hence option A is correct.
2) The application in Account B must use the AssumeRole API to obtain temporary security credentials for the AccessPII role, which allow access to the PII table. Therefore, option D is correct.
The other options either incorrectly suggest direct access (B), rely unnecessarily on different APIs (C and E), or do not address the cross-account role assumption mechanism correctly.
In Account A, a company's Amazon DynamoDB table named PII stores personally identifiable information. Account B hosts an application on EC2 instances needing access to this table. An IAM role 'AccessPII' with permissions to the PII table and a trust policy allowing Account B to assume this role has been set up in Account A. What steps must developers in Account B take to enable their application to access the PII table?
A. Grant the EC2 IAM role permission to assume the AccessPII role.
B. Provide the EC2 IAM role direct access to the PII table.
C. Integrate the AWS API to fetch temporary credentials from the EC2 IAM role for PII table access within the application code.
D. Use the AssumeRole API in the application to get temporary credentials for accessing the PII table.
E. Employ the GetSessionToken API within the application to acquire temporary credentials for the PII table access.