ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 163 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 163
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy:



When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

  • A. Modify the IAM policy resource to be “arn:aws:dynamodb:us-west-2:account-id:table/*”.
  • B. Modify the IAM policy to include the dynamodb:* action.
  • C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.
  • D. Create a trust relationship between the role and dynamodb.amazonaws.com.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by fordiscussionstwo at Oct. 6, 2023, 2:07 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LemonGremlin
Highly Voted 1 year, 8 months ago
Selected Answer: C
The most reasonable answer here is C. But I think the question is missing some information. https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/
upvoted 6 times
konieczny69
1 year, 4 months ago
What is a trust policy? I know trust relationship, not a trust policy.
upvoted 1 times
...
...
albert_kuo
Most Recent 8 months, 3 weeks ago
Selected Answer: A
The current policy specifies the resource as "arn:aws:dynamodb:us-west-2:account-id:table/Cars". This means the policy only applies to the specific "Cars" table. However, when working with DynamoDB, it's common for the SDK or API calls to need permissions on the table's indexes as well as the table itself. By changing the resource to "arn:aws:dynamodb:us-west-2:account-id:table/*", you're granting the specified read-only actions (GetItem, BatchGetItem, Scan, Query, ConditionCheckItem) on all tables in the account in the us-west-2 region, including any indexes associated with the Cars table. This broader permission will likely resolve the Access Denied error, as it will cover both the table and any associated indexes.
upvoted 2 times
...
wh1t4k3r
9 months, 3 weeks ago
Selected Answer: C
Well, I will guess that this question is badly written on purpose. Anyway: C makes more sense since A and B are going against best practices of least privilege. D makes no sense since the role must trust the service that will use it rather then the service that will be accessed.
upvoted 1 times
...
65703c1
1 year ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
PrakashM14
1 year, 8 months ago
Selected Answer: D
D.Create a trust relationship between the role and dynamodb.amazonaws.com. Explanation: Trust Relationship: In AWS, a trust relationship defines who or what entity can assume a role. In this case, the role attached to the EC2 instance needs to trust DynamoDB. The trust relationship is specified in a JSON policy document. DynamoDB Service Principal: The correct service principal for DynamoDB is dynamodb.amazonaws.com. This is the entity that the role needs to trust to allow access to DynamoDB resources.
upvoted 1 times
konieczny69
1 year, 4 months ago
Complete nonsense. Role needs to trust EC2, since its the EC2 who is to assume the role.
upvoted 3 times
...
...
Digo30sp
1 year, 8 months ago
Selected Answer: C
https://www.examtopics.com/discussions/amazon/view/96497-exam-aws-certified-developer-associate-topic-1-question-380/
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel