A company is developing a new application that will run on Amazon EC2 instances. The application needs to access multiple AWS services.
The company needs to ensure that the application will not use long-term access keys to access AWS services.
A.
Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code.
B.
Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs.
C.
Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs.
D.
Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.
IAM Roles with Instance Profiles: Allow applications to access AWS services securely without hardcoding long-term access keys.
Short-Term Credentials: IAM roles issue short-term credentials dynamically managed by AWS.
Why Other Options Are Not Ideal:
Option A and B: Embedding or retrieving long-term access keys introduces security risks and operational overhead.
Option C: Combining IAM roles with Parameter Store adds unnecessary complexity.
AWS References:
IAM Roles and Instance Profiles:AWS Documentation - IAM Roles
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit