A security engineer is tasked with using Amazon EC2 Image Builder to create an image of an EC2 instance. The engineer has set up the pipeline to send logs to an Amazon S3 bucket. However, when running the pipeline, the build fails with an 'AccessDenied: Access Denied' error, status code 403. To resolve this issue while adhering to least privilege access best practices, which two steps should the engineer take?

Exam-Like

Ensure that the following policies are attached to the IAM role used by the security engineer: EC2InstanceProfileForImageBuilder, EC2InstanceProfileForImageBuilderECRContainerBuilds, and AmazonSSMManagedInstanceCore.

10.0%

Ensure that the following policies are attached to the instance profile for the EC2 instance: EC2InstanceProfileForImageBuilder, EC2InstanceProfileForImageBuilderECRContainerBuilds, and AmazonSSMManagedInstanceCore.

40.0%

Ensure that the AWSImageBuilderFullAccess policy is attached to the instance profile for the EC2 instance.

0.0%

Ensure that the security engineer's IAM role has the s3:PutObject permission for the S3 bucket.

10.0%

Ensure that the instance profile for the EC2 instance has the s3:PutObject permission for the S3 bucket.

40.0%

AWS Certified Security - Specialty

Get started today

Comments