A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition..
Why this is the answer
The correct approach is to create an IAM role with the necessary S3 permissions and assign it as the taskRoleArn in the ECS task definition. This grants the ECS tasks (containers) the required permissions to interact with S3 without embedding credentials directly in the application or on the underlying EC2 instances. Updating the S3 role is not a standard or direct way to grant permissions to ECS tasks. Creating a security group is for network access control, not for AWS service permissions. Creating an IAM user and logging into EC2 instances is an insecure and unmanageable method for granting application permissions within ECS.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed