ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 760 discussion

Exam question from Amazon's AWS-SysOps
Question #: 760
Topic #: 1
[All AWS-SysOps Questions]

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

  • A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters
  • B. Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters
  • C. Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters
  • D. Create an IAM user for the application and grant the user permission to read the Systems Manager parameters
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://docs.aws.amazon.com/systems-manager/latest/userguide/security_iam_service-with-iam.html
by nicat at May 8, 2020, 3:07 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AWS_Noob
Highly Voted 2 years, 10 months ago
A - as per best practice. Create a role. In this case, create a role with needed permissions, attach it to the EC2.
upvoted 15 times
AWSvad
2 years, 10 months ago
Thanks for your feedback on the new questions! Please keep it coming - I've got my SysOps exam coming up.
upvoted 1 times
...
...
nicat
Highly Voted 2 years, 10 months ago
A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters
upvoted 5 times
...
albert_kuo
Most Recent 1 year, 1 month ago
Selected Answer: A
By creating an IAM EC2 role and assigning it to the EC2 instances, you can securely manage and grant the necessary permissions to access the Systems Manager parameters. This approach eliminates the need to manage individual IAM users or credentials, reducing the risk of exposure and enhancing security.
upvoted 1 times
...
gulu73
1 year, 6 months ago
Selected Answer: A
A is the answer
upvoted 1 times
...
0utsider
2 years, 9 months ago
A and C are good but C is better: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html Applications that run on an EC2 instance must include AWS credentials in their AWS API requests. You could have your developers store AWS credentials directly within the EC2 instance and allow applications in that instance to use those credentials. But developers would then have to manage the credentials and ensure that they securely pass the credentials to each instance and update each EC2 instance when it's time to rotate the credentials. That's a lot of additional work. Instead, you can and should use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.
upvoted 1 times
wahlbergusa
2 years, 9 months ago
When you are using IAM, you do NOT "create an IAM Policy for application" you do associate the policy with either an IAM user/group/role. Hence the only possible answer is A.
upvoted 2 times
...
...
TroyMcLure
2 years, 9 months ago
Correct Answer: A AWS Best Practice is creating a role and assigning it to the instance.
upvoted 1 times
...
RicardoD
2 years, 9 months ago
A is the answer
upvoted 2 times
...
abhishek_m_86
2 years, 10 months ago
A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters
upvoted 2 times
...
jpush
2 years, 10 months ago
To access EC2 instances, the role your AWS account needs is an IAM instance profile
upvoted 1 times
...
jackdryan
2 years, 10 months ago
I'll go with A
upvoted 1 times
...
waterzhong
2 years, 10 months ago
A - as per best practice. Create a role.
upvoted 2 times
...
AWSTiger
2 years, 10 months ago
Answer A is better - A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters
upvoted 1 times
...
professor
2 years, 10 months ago
It should be A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel