A solutions architect is using Amazon EC2 instances to host an application. The solutions architect needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?
A.
Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
B.
Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
C.
Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
D.
Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.
The correct solution is to create anIAM roleand attach it to the EC2 instance profile. AWS documentation states that applications running on EC2 should use IAM roles so the instance can receivetemporary credentials automaticallythrough the instance metadata service. This avoids embedding long-term access keys in code or on the server. DynamoDB supports IAM and temporary credentials, so the application can use the role’s permissions to access the table securely. EC2 key pairs are only for SSH access and have nothing to do with DynamoDB authorization. IAM users and long-term access keys are less secure and create unnecessary credential management overhead.
============
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit