An application running on Amazon EC2 instances needs to write files to an Amazon S3 bucket. What is the MOST secure way to grant the application access to the S3 bucket?
A.
Create an IAM user with the necessary privileges. Generate an access key and embed the key in the code running on the EC2 instances.
B.
Install secure FTP (SFTP) software on the EC2 instances. Use an AWS Lambda function to copy the files from the EC2 instances to Amazon S3 using SFTP.
C.
Create an IAM role with the necessary privileges. Associate the role with the EC2 instances at launch.
D.
Use rsync and cron to set up the transfer of files from the EC2 instances to the S3 bucket. Enable AWS Shield to protect the data.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Although a role is usually assigned to an EC2 instance when you launch it, a role can also be attached to an EC2 instance that is already running.
Creating an IAM role and associating it with the EC2 instances allows you to grant specific permissions to the instances without having to embed access keys or credentials directly in the code or configuration files. By using IAM roles, you can ensure that the EC2 instances have the necessary permissions to write files to the S3 bucket while following the principle of least privilege.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
saumenP
Highly Voted 2 years, 7 months agosaumenP
Highly Voted 2 years, 7 months agoalbert_kuo
Most Recent 10 months agoabhishek_m_86
2 years, 5 months agojackdryan
2 years, 5 months agoMFDOOM
2 years, 6 months agocloud
2 years, 6 months ago