
Answer-first summary for fast verification
Answer: Grant the EC2 IAM role permission to assume the AccessPII role. Use the AssumeRole API in the application to get temporary credentials for accessing the PII table.
To enable the application in Account B to access the PII table in Account A, two steps are required: 1) The EC2 IAM role in Account B must have permission to assume the AccessPII role. This is done by assigning that permission to the EC2 role, so option A is correct. 2) The application in Account B must use the AssumeRole API to obtain temporary security credentials for the AccessPII role, which allow access to the PII table, so option D is correct. The other options either incorrectly suggest direct access (B), rely on different APIs that are unnecessary here (C and E), or do not address the cross-account role assumption mechanism correctly.
Author: LeetQuiz Editorial Team
In Account A, a company's Amazon DynamoDB table named PII stores personally identifiable information. Account B hosts an application on EC2 instances needing access to this table. An IAM role 'AccessPII' with permissions to the PII table and a trust policy allowing Account B to assume this role has been set up in Account A. What steps must developers in Account B take to enable their application to access the PII table?
A. Grant the EC2 IAM role permission to assume the AccessPII role.
B. Provide the EC2 IAM role direct access to the PII table.
C. Integrate the AWS API to fetch temporary credentials from the EC2 IAM role for PII table access within the application code.
D. Use the AssumeRole API in the application to get temporary credentials for accessing the PII table.
E. Employ the GetSessionToken API within the application to acquire temporary credentials for the PII table access.
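
The two correct steps (A and D) written out as an added example; it is not part of the original quiz page. The account ID, region and session name are placeholders, and the credential-refresh logic goes slightly beyond the question to cover expiry of the temporary credentials.

```python
import datetime as dt

# Assumptions: the account ID, region and session name below are placeholders.
ACCOUNT_A_ID = "111111111111"  # placeholder for Account A's ID
ACCESS_PII_ARN = f"arn:aws:iam::{ACCOUNT_A_ID}:role/AccessPII"


def ec2_role_policy(role_arn=ACCESS_PII_ARN):
    """Option A: identity policy to attach to the EC2 instance role in Account B."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}],
    }


class AccessPIICredentials:
    """Option D: call AssumeRole and refresh the temporary credentials before expiry."""

    def __init__(self, sts_client, refresh_margin=dt.timedelta(minutes=5)):
        self._sts = sts_client  # e.g. boto3.client("sts"), signed by the instance role
        self._margin = refresh_margin
        self._creds = None

    def get(self, now=None):
        now = now or dt.datetime.now(dt.timezone.utc)
        if self._creds is None or self._creds["Expiration"] - now <= self._margin:
            resp = self._sts.assume_role(
                RoleArn=ACCESS_PII_ARN,
                RoleSessionName="pii-reader",  # hypothetical name; recorded in CloudTrail
                DurationSeconds=900,  # shortest lifetime STS allows
            )
            self._creds = resp["Credentials"]
        return {
            "aws_access_key_id": self._creds["AccessKeyId"],
            "aws_secret_access_key": self._creds["SecretAccessKey"],
            "aws_session_token": self._creds["SessionToken"],
        }


def pii_table(provider, region="us-east-1"):
    """Return a DynamoDB Table handle for PII in Account A using the assumed-role credentials."""
    import boto3  # imported here so the rest of the module loads without the SDK

    return boto3.resource("dynamodb", region_name=region, **provider.get()).Table("PII")
```

On an instance, `pii_table(AccessPIICredentials(boto3.client("sts")))` uses the instance role only to sign the AssumeRole call; every DynamoDB request is then made with the AccessPII session credentials.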