Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 227 discussion

An application running on an Amazon EC2 instance needs to access an Amazon DynamoDB table. Both the EC2 instance and the DynamoDB table are in the same AWS account. A solutions architect must configure the necessary permissions.
Which solution will allow least privilege access to the DynamoDB table from the EC2 instance?

  • A. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Create an instance profile to assign this IAM role to the EC2 instance.
  • B. Create an IAM role with the appropriate policy to allow access to the DynamoDB table. Add the EC2 instance to the trust relationship policy document to allow it to assume the role.
  • C. Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Store the credentials in an Amazon S3 bucket and read them from within the application code directly.
  • D. Create an IAM user with the appropriate policy to allow access to the DynamoDB table. Ensure that the application stores the IAM credentials securely on local storage and uses them to make the DynamoDB calls.
Suggested Answer: A

Comments

hqmb
Highly Voted 3 years, 7 months ago
A is correct. Roles are designed to be “assumed” by other principals which do define “who am I?”, such as users, Amazon services, and EC2 instances. An instance profile, on the other hand, defines “who am I?” Just like an IAM user represents a person, an instance profile represents EC2 instances. The only permissions an EC2 instance profile has is the power to assume a role. So the EC2 instance runs under the EC2 instance profile, defining “who” the instance is. It then “assumes” the IAM role, which ultimately gives it any real power. https://medium.com/devops-dudes/the-difference-between-an-aws-role-and-an-instance-profile-ae81abd700d#:~:text=Roles%20are%20designed%20to%20be,instance%20profile%20represents%20EC2%20instances.
upvoted 128 times
quangquydw
3 years, 7 months ago
fantastic exp
upvoted 3 times
...
dave0808
3 years, 7 months ago
A it is! beautifully explained
upvoted 12 times
...
emmanuelodenyire
2 years, 9 months ago
Perfect explanation
upvoted 1 times
...
...
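The two policy documents behind option A, with a small audit that checks them, as an added example that is not part of the original thread. The table ARN, account ID and the three DynamoDB actions are constructed assumptions about what the application needs; `BROAD_POLICY` is included only as the contrast case.

```python
# Constructed sample values (assumptions, not from the original page).
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"

# Role trust policy: the EC2 service is the principal allowed to assume the role.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole",
}]}

# Scoped permissions policy: a few item-level actions on one table.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
    "Resource": TABLE_ARN,
}]}

# Overly broad policy, shown for contrast.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "dynamodb:*", "Resource": "*",
}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_permissions(policy, table_arn):
    """Return least-privilege findings for a policy meant to cover one table."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif not action.lower().startswith("dynamodb:"):
                findings.append(f"statement {i}: non-DynamoDB action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res != table_arn and not res.startswith(table_arn + "/"):
                findings.append(f"statement {i}: resource outside table {res}")
    return findings

def trusts_only_ec2(trust):
    """True if every Allow statement lets only the EC2 service call sts:AssumeRole."""
    stmts = [s for s in as_list(trust["Statement"]) if s.get("Effect") == "Allow"]
    return bool(stmts) and all(
        s.get("Principal") == {"Service": "ec2.amazonaws.com"}
        and as_list(s.get("Action")) == ["sts:AssumeRole"] for s in stmts)
```

The role carrying these two documents is then placed in an instance profile, and the profile is attached to the instance.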
SlimeMould
Highly Voted 3 years, 8 months ago
A is ok
upvoted 10 times
kuman
3 years, 7 months ago
Agree A. For B, since both resources are in the same account, trust relationship policy is not required.
upvoted 21 times
...
...
rude7
Most Recent 2 years, 9 months ago
Selected Answer: A
https://www.youtube.com/watch?v=t-uZa7FI9mk
upvoted 2 times
...
queen101
2 years, 9 months ago
AAAAAAAAAAAAAAAAA
upvoted 1 times
...
pri30
2 years, 10 months ago
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
upvoted 1 times
...
Alfene
2 years, 10 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
ProtonUser
2 years, 10 months ago
A is correct. An EC2 instance can assume an IAM role only, so C&D are out. Some people may wonder why A and not B? The answer why B is false: "There is no need for this option because when you create an IAM service role for EC2, the role automatically has EC2 identified as a trusted entity. Therefore this option is not correct."
upvoted 2 times
...
marklovesaws143
2 years, 10 months ago
Selected Answer: A
AAAAAAAAAAAA
upvoted 2 times
...
slcheng
2 years, 10 months ago
Selected Answer: A
Vote A
upvoted 1 times
...
saifeddine92
3 years, 3 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Rahulsinha
3 years, 4 months ago
Answer is A
upvoted 1 times
...
Robert_B
3 years, 4 months ago
Selected Answer: A
Always create roles, not users and must instance profile helps to inherit the role definition.
upvoted 2 times
...
RagnarLodbrok
3 years, 6 months ago
A is Correct !
upvoted 1 times
...
karthisena
3 years, 7 months ago
An IAM role with policies and permissions, and An EC2 instance profile specifying which roles it can assume
upvoted 1 times
...
bubai01
3 years, 7 months ago
B. Roles for EC2 will have two parts: a. Permission to carry out the activity, which is the first part of the sentence (policy to access DynamoDB); b. Trust policy, which defines who can assume the role.
upvoted 2 times
lehoang15tuoi
3 years, 7 months ago
Study again and learn what "Trust policy" is used for....
upvoted 4 times
...
cen007
2 years, 11 months ago
I will go with B as well, the question mentioned least privilege.....the trust policy will allow to set different privileges for the roles.
upvoted 1 times
cen007
2 years, 11 months ago
Answer is A.....I read the options again, in this case, it is not the trust policy that will allow the EC2 to assume the role.
upvoted 1 times
...
ProtonUser
2 years, 10 months ago
Hi. There is no need for this option because when you create an IAM service role for EC2, the role automatically has EC2 identified as a trusted entity. Therefore this option is not correct. B acts as a distractor.
upvoted 1 times
...
...
...
syu31svc
3 years, 7 months ago
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html: "Amazon EC2 uses an instance profile as a container for an IAM role" A is the answer
upvoted 2 times
...
KK_uniq
3 years, 7 months ago
A for sure
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other