A new business application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect must ensure the EC2 instances can access the S3 bucket. What should the architect do?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an IAM role that grants access to the S3 bucket and attach the role to the EC2 instances..
Why this is the answer
The correct approach is to create an IAM role and attach it to the EC2 instances. IAM roles provide temporary credentials that applications running on EC2 instances can use to securely access AWS services like S3 without embedding long-term access keys directly into the instance or application code. This is a security best practice. Attaching an IAM policy directly to an EC2 instance is not possible; policies are attached to identities (users, groups, roles). Creating an IAM group is for organizing users, not for granting permissions to services like EC2 instances. Creating an IAM user and attaching it to an EC2 instance is insecure and not the intended use case for EC2 instance permissions. IAM users are for human or programmatic access outside of AWS services, and managing user credentials on instances is cumbersome and risky.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed