
Explanation:
The most secure way to grant permissions to applications running on Amazon EC2 instances is by using IAM roles. This avoids the need to manage long-term credentials like access keys (as in options A and B). Option D is more secure than C because it follows the principle of least privilege by specifying only the required permissions (SendMessage, ReceiveMessage, DeleteMessage) instead of granting all SQS permissions (sqs:*).
Question #22
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A CloudOps engineer must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
A
Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
B
Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
C
Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
D
Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.