You want to allow an EC2 instance to assume a role temporarily to access S3 buckets. Which combination is correct?

hard📝 Application Q15 of 15

AWS - Identity and Access Management

AManually run <code>aws sts assume-role</code> on the EC2 instance without any IAM role attached.

BCreate an IAM user with S3 permissions and store its permanent keys on the EC2 instance.

CAttach an IAM role with S3 permissions to the EC2 instance and use the instance profile to assume the role automatically.

DAttach a security group to the EC2 instance that allows S3 access.

Step-by-Step Solution

Solution:

Step 1: Understand EC2 role usage
Attaching an IAM role to EC2 via instance profile allows automatic temporary credentials for S3 access.
Step 2: Evaluate other options
Manually running aws sts assume-role without an attached IAM role fails due to lack of initial credentials. Using permanent IAM user keys is less secure. Security groups control network access, not IAM permissions.
Final Answer:
Attach an IAM role with S3 permissions to the EC2 instance and use the instance profile to assume the role automatically. -> Option C
Quick Check:
EC2 uses instance profile role for temporary access [OK]

Quick Trick: Use instance profile roles for EC2 temporary access [OK]

Common Mistakes:

MISTAKES

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More AWS Quizzes