
Answer-first summary for fast verification
Answer: Assign an IAM role to the EC2 instance with a policy for specific S3 bucket operations.
The correct answer is option B. By assigning an IAM role to the EC2 instance with a policy that grants specific permissions (s3:ListBucket and s3:*Object) for the necessary S3 buckets, the developer ensures secure API requests without managing credentials manually. This approach aligns with the principle of least privilege by granting only the necessary permissions. Option A involves managing credentials directly, which is less secure. Option C grants broader permissions than needed, violating the principle of least privilege. Option D, while setting bucket policies, does not offer the flexibility and security that using IAM roles provides.
Author: LeetQuiz Editorial Team
How can a developer ensure secure API requests to multiple S3 buckets from an EC2 instance without managing application credentials, applying the principle of least privilege?
A. Create an IAM user with access keys and associate with a policy allowing full S3 permissions.
B. Assign an IAM role to the EC2 instance with a policy for specific S3 bucket operations.
C. Use an IAM role with AmazonS3FullAccess policy for the EC2 instance.
D. Implement a bucket policy granting the EC2 instance permissions for bucket listing and object operations.