An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Answer: D
Explanation:
To ensure that the application running on an Amazon EC2 instance can read, write, and delete messages from the SQS queues in the most secure manner, the recommended approach is to use an IAM role for the EC2 instance with a policy limited to the three SQS actions the application needs. This avoids embedding or exporting long-term AWS credentials (options A and B), which can be leaked or copied, and avoids granting broader permissions than necessary (the sqs:* wildcard in option C).
Create an IAM Role for EC2:
Navigate to the IAM console in the AWS Management Console.
Choose "Roles" in the navigation pane, then click "Create role".
Select "AWS service" as the type of trusted entity and choose "EC2" as the use case. Click "Next: Permissions".
Attach the Required Permissions:
On the "Attach permissions policies" page, you can either select an existing policy or create a custom policy.
For a custom policy, click "Create policy" and use the following JSON policy to allow the required SQS actions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sqs:SendMessage",
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage"
      ],
      "Resource": "arn:aws:sqs:region:account-id:queue-name"
    }
  ]
}
```
Replace region, account-id, and queue-name with appropriate values for your SQS queues.
Assign the Role to the EC2 Instance:
After creating the role with the necessary permissions, navigate to the EC2 console.
Select the instance that needs access to the SQS queues.
In the "Actions" menu, choose "Security", then "Modify IAM role".
Attach the newly created IAM role to the instance.
Verify the Permissions:
Ensure that the IAM role is properly attached to the EC2 instance.
Test the application to confirm that it can successfully perform the required actions (read, write, delete) on the SQS queues.
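As an added illustration (not part of the original explanation), the following Python checks a policy document like the one above against the least-privilege requirement that separates option D from option C: it flags wildcard actions such as sqs:*, unneeded actions, and over-broad resources, and confirms the three required actions are all granted. The queue ARN is a constructed placeholder.

```python
from fnmatch import fnmatch

# The three actions the question says the application needs: write, read, delete.
REQUIRED_ACTIONS = {"sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"}

# Constructed placeholder ARN; region, account id and queue name are not real.
QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:orders-queue"


def _as_list(value):
    """IAM accepts a single string/object or a list for these fields; normalise."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def policy_findings(policy: dict) -> list[str]:
    """Return least-privilege problems in an IAM policy document (empty = clean).

    A clean policy grants exactly the required SQS actions to explicit queue
    ARNs. A wildcard such as "sqs:*" (option C) also grants sqs:DeleteQueue and
    sqs:SetQueueAttributes, which the application never needs.
    """
    findings, granted = [], []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not a finding
        for action in _as_list(stmt.get("Action")):
            granted.append(action)
            if "*" in action:
                findings.append(f"statement {idx}: wildcard action {action!r}")
            elif action not in REQUIRED_ACTIONS:
                findings.append(f"statement {idx}: unneeded action {action!r}")
        for res in _as_list(stmt.get("Resource")):
            if "*" in res or not res.startswith("arn:aws:sqs:"):
                findings.append(f"statement {idx}: over-broad resource {res!r}")
    # Coverage: every required action must be matched by some granted pattern,
    # otherwise the application will get AccessDenied on that call.
    for needed in sorted(REQUIRED_ACTIONS):
        if not any(fnmatch(needed, pattern) for pattern in granted):
            findings.append(f"policy does not grant {needed}")
    return findings


def make_policy(actions) -> dict:
    """Single-statement Allow policy for QUEUE_ARN, shaped like the page's JSON."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": list(actions),
                           "Resource": QUEUE_ARN}]}


OPTION_D_POLICY = make_policy(sorted(REQUIRED_ACTIONS))  # least privilege
OPTION_C_POLICY = make_policy(["sqs:*"])                 # wildcard, over-broad
```

Running `policy_findings` on the two policies shows option D clean and option C flagged for its wildcard; a policy missing one of the three actions is reported as a coverage gap rather than passing silently.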
Reference: IAM Roles for Amazon EC2; Amazon SQS Policy Examples