AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.

What should the solutions architect do to meet this requirement?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.

Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.

Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.

Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances.

Explanation:

Explanation

The correct answer is A because:

IAM Roles for EC2 Instances: IAM roles are specifically designed to grant AWS service permissions to EC2 instances. When you attach an IAM role to an EC2 instance, the instance automatically receives temporary security credentials that allow it to access AWS resources like S3 buckets.
Why other options are incorrect:
- Option B: IAM policies cannot be directly attached to EC2 instances. Policies must be attached to IAM users, groups, or roles.
- Option C: IAM groups are collections of IAM users and cannot be attached to EC2 instances.
- Option D: IAM users are for human users or applications that need long-term credentials, not for EC2 instances. Storing user credentials on EC2 instances is a security risk.
Best Practice: Using IAM roles with EC2 instances follows the principle of least privilege and eliminates the need to manage credentials on the instances. The role provides temporary credentials that are automatically rotated.
Implementation: The solutions architect should:
- Create an IAM role with a policy that grants the necessary S3 permissions
- Attach the role to the EC2 instances (either during instance launch or afterwards)
- The application running on the EC2 instances can then use the AWS SDK to access the S3 bucket without needing to store credentials

Powered ByGPT-5.2

Comments

Loading comments...