The option that is NOT true about delegating permission to make API requests using IAM roles for Amazon EC2 is:
A. You cannot create an IAM role.
This statement is incorrect. You can create IAM roles in AWS to delegate permissions to entities such as EC2 instances, applications, or AWS services. IAM roles are used to grant permissions and allow these entities to make API requests on your behalf.
A right
Explanation:
Amazon designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use.
Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows: Create an IAM role. Define which accounts or AWS services can assume the role. Define which API actions and resources the application can use after assuming the role. Specify the role when you launch your instances. Have the application retrieve a set of temporary credentials and use them.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Role cannot be passed while launching, only through instance profile
D is correct IMO.
take a look at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html.
Go to IAM console, select IAM->Roles->Create Role, then you need to select the Trusted entity type, it can be AWS service or AWS account between others, in case of AWS services the commom use cases mention EC2, Lambda and other services, but not accounts. So I believe that "accounts" is the word in the wrong place here at letter D.
Off course I'd like to hear some feedback from you Guys. Thanks.
Accounts (end all their belonging IAM identities) can assume a role.
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
"For example, a principal similar to arn:aws:iam::123456789012:root allows all IAM identities of the account to assume that role."
This would rule out D.
A, seems to be the obvious choice here.
B. Correct. That is precisely what roles are designed to be used for.
C. Correct. You specify a role when you launch an instance via console, not an instance profile (it's managed by aws under the hood).
D. Correct. In a trusted policy an account or an aws service can be specified.
So it's only A that has left.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
amministrazione
8 months, 3 weeks agoSkyZeroZx
1 year, 10 months agoSizuma
2 years, 8 months agoDdssssss
2 years, 11 months agoKuntazulu
3 years agoideoignus
3 years, 1 month agoKuntazulu
3 years agoadsdadasdad
3 years, 2 months agoSerial_X25
3 years, 2 months agotobstar86
3 years, 1 month agomanan728
3 years, 4 months agocldy
3 years, 5 months agovishg
3 years, 3 months agobobsmith2000
3 years, 1 month ago01037
3 years, 6 months agoM_Asep
3 years, 6 months ago