An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?
A. Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
B. Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
C. Update the developer’s user permissions to include the S3:ListBucket permission for the S3 bucket.
D. Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.
Answer: B
Explanation:
IAM instance profiles are containers for IAM roles that can be associated with EC2 instances. An IAM role is a set of permissions that grant access to AWS resources. An IAM role can be used to allow an EC2 instance to access an S3 bucket by including the appropriate permissions in the role’s policy. The S3:ListBucket permission allows listing the objects in an S3 bucket. By updating the IAM instance profile with this permission, the application on the EC2 instance can list the objects in the S3 bucket and display them to the user. Granting only this one permission to the role used by the instance follows the principle of least privilege, which is what makes it the most secure of the options.
Reference: Using an IAM role to grant permissions to applications running on Amazon EC2 instances
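The difference between options A and B, as an added example that is not part of the original question: two candidate policies for the instance role and a simplified evaluator showing what each one permits. The bucket name `example-bucket`, the object key and the helper names are assumptions, and the evaluator ignores conditions, permission boundaries and bucket policies.

```python
import fnmatch

BUCKET_ARN = "arn:aws:s3:::example-bucket"  # hypothetical bucket name

# Option A: wildcard grant on the bucket and its objects (over-permissive).
POLICY_A = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
    }],
}

# Option B: only the action the application needs. s3:ListBucket is a
# bucket-level action, so the resource is the bucket ARN, not bucket/*.
POLICY_B = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": BUCKET_ARN,
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified identity-policy check: an explicit Deny wins, then Allow."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names match case-insensitively; ARNs are case-sensitive.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def granted(policy):
    """Which of a few representative S3 calls the policy permits."""
    probes = [("s3:ListBucket", BUCKET_ARN),
              ("s3:GetObject", BUCKET_ARN + "/report.csv"),
              ("s3:DeleteObject", BUCKET_ARN + "/report.csv"),
              ("s3:PutBucketPolicy", BUCKET_ARN)]
    return [a for a, r in probes if is_allowed(policy, a, r)]
```

`granted(POLICY_B)` contains only `s3:ListBucket`, while `granted(POLICY_A)` also includes object reads, deletes and changes to the bucket policy.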