
Answer-first summary for fast verification
Answer: The application continues to use the deleted IAM user's keys.
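The correct answer is B. The application is most likely still using the IAM user’s access keys stored in environment variables, and those keys are now invalid because the IAM user has been deleted. When an EC2 instance is associated with an IAM role, the instance metadata service provides temporary credentials that the SDKs and the AWS CLI can use automatically. The SDK's default credential lookup checks environment variables before it falls back to instance profile credentials, so as long as the old keys are present in the application's environment (or the application is explicitly set to read credentials from there), it won't switch to the role until it's reconfigured. The developer's successful CLI calls from the same server show that the role and the metadata service are working.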
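The scenario above as an added diagnostic example (not part of the original question, and not AWS SDK code): it models a simplified credential lookup order and shows why the application and the developer's shell resolve different credentials on the same server. The function names and both environment blobs are constructed for illustration, and the three-step chain is a simplification of the real SDK chain.

```python
import configparser

# Constructed samples in /proc/<pid>/environ format (NUL-separated KEY=VALUE).
APP_ENVIRON = (b"PATH=/usr/bin\x00AWS_ACCESS_KEY_ID=AKIACONSTRUCTED00001\x00"
               b"AWS_SECRET_ACCESS_KEY=constructed-secret\x00")
SHELL_ENVIRON = b"PATH=/usr/bin\x00HOME=/home/dev\x00"


def parse_environ(blob: bytes) -> dict:
    """Parse a NUL-separated environment block into a dict."""
    env = {}
    for entry in blob.split(b"\x00"):
        key, sep, value = entry.partition(b"=")
        if sep:  # skip the empty entry after the trailing NUL
            env[key.decode()] = value.decode(errors="replace")
    return env


def credential_source(env: dict, credentials_ini: str = "") -> str:
    """Return the first source that supplies keys in a simplified chain:
    environment variables, shared credentials file, instance profile.
    The real SDK chain has more steps between these (assumption: omitted)."""
    if env.get("AWS_ACCESS_KEY_ID"):
        return "environment"
    profile = env.get("AWS_PROFILE", "default")
    cfg = configparser.ConfigParser()
    cfg.read_string(credentials_ini)
    if cfg.has_section(profile) and cfg.has_option(profile, "aws_access_key_id"):
        return "shared-credentials-file"
    return "instance-profile"


def diagnose(env: dict, credentials_ini: str = "") -> str:
    """Explain whether static keys shadow the instance role for this process."""
    source = credential_source(env, credentials_ini)
    if source == "instance-profile":
        return "instance-profile: role credentials from the metadata service are used"
    return source + ": static keys take precedence over the instance role"


if __name__ == "__main__":
    print("application:", diagnose(parse_environ(APP_ENVIRON)))
    print("developer shell:", diagnose(parse_environ(SHELL_ENVIRON)))
```

On a real instance, the input for the application would be the contents of `/proc/<pid>/environ` for its process, which is readable by the process owner or root.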
Author: LeetQuiz Editorial Team
A developer modified an EC2 application to use an IAM role with equivalent permissions instead of IAM user access keys. After restarting, the application failed with an AWS AccessDeniedException. Despite this, the developer could successfully run DynamoDB commands via the AWS CLI on the same server. What is the most likely cause?
A. IAM policy propagation delay.
B. The application continues to use the deleted IAM user's keys.
C. The AWS SDK for Python cannot use credentials from an instance role.
D. Security group restrictions on accessing the instance metadata service endpoint.