AWS Certified Cloud Practitioner

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

Real Exam

Community

RRitesh

Hard code an IAM user's secret key and access key directly in the application, and upload the file.

Store the IAM user's secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.

Have the EC2 instance assume a role to obtain the privileges to upload the file.

Modify the S3 bucket policy so that any service can upload to it at any time.

Explanation:

Explanation

Using IAM roles for EC2 instances is the AWS security best practice for granting access to AWS services like S3. Here's why:

IAM Roles for EC2: This allows EC2 instances to obtain temporary security credentials automatically
No Hard-coded Credentials: Eliminates the security risk of storing access keys in code or configuration files
Automatic Rotation: Temporary credentials are automatically rotated
Least Privilege: You can assign only the permissions needed for the specific task
No Manual Management: No need to manage or rotate access keys manually

Hard coding credentials: Creates security vulnerabilities as credentials can be exposed in code repositories or application logs
Storing credentials in text files: Still exposes credentials on the instance and requires manual rotation
Modifying S3 bucket policy for any service: Violates the principle of least privilege and creates security risks

This approach follows AWS security best practices and eliminates credential management overhead.

Powered ByGemini-3 Flash

Loading comments...