Exam AWS Certified Developer Associate topic 1 question 149 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 149
Topic #: 1

A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group. The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB.

Which AWS IAM changes are needed when creating an instance role to provide this functionality?

  • A. Create an IAM permission policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole and iam:PassRole permissions for the role.
  • B. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
  • C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:PassRole permission for the role.
  • D. Create an IAM permissions policy attached to the role that allows access to DynamoDB. Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam:GetRole permission for the role.
Suggested Answer: B

Comments

suru003
2 years, 1 month ago
what's DynamoDAdd?
upvoted 2 times
sichilam
2 years, 4 months ago
Why not C?
upvoted 1 times
tieyua
2 years, 4 months ago
Policy attached to a Role for EC2 instance profile. Policy gives Role access to Dynamo and allows developer to passrole into EC2 during launch.
upvoted 3 times
nmc12
1 year, 7 months ago
True answer is B. Not C because: This permission allows one AWS service to "pass" a role to another AWS service. A common use case is with Amazon EC2. When you launch an EC2 instance and you want it to assume an IAM role (e.g., to give it permissions to access DynamoDB), you're essentially "passing" that role to the EC2 service. For this, the entity (user or service) trying to create the EC2 instance needs the iam:PassRole permission for the role it's trying to assign to the EC2 instance. If you don't have the iam:PassRole permission for a specific role, you can't assign that role to resources.
upvoted 2 times
michaldavid
2 years, 6 months ago
Selected Answer: B
BBBBBBB
upvoted 1 times
dark_cherrymon
2 years, 6 months ago
Selected Answer: B
I picked B
upvoted 1 times
dark_cherrymon
2 years, 6 months ago
It's pass role and not get role: "An IAM permissions policy attached to the IAM user that allows the user to pass only those approved roles. You usually add iam:GetRole to iam:PassRole so the user can get the details of the role to be passed" https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html The rest of the question was a bit of a grammar issue and I'm not too certain.
upvoted 2 times
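
The three IAM pieces the question turns on (the role's trust policy, the role's permissions policy, and the group's iam:PassRole grant), as an added example that is not part of the original page or any commenter's post: a simplified checker that reports which piece is missing or too broad. The account ID, role names and helper names are constructed, and the matcher ignores Deny, NotAction and Condition.

```python
from fnmatch import fnmatchcase

# Constructed sample values (not from the page): account id and role names.
ROLE_ARN = "arn:aws:iam::111122223333:role/AppDynamoRole"
OTHER_ARN = "arn:aws:iam::111122223333:role/UnrelatedRole"

def _list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource=None):
    """Simplified: does an Allow statement match the action (and resource)?
    Ignores Deny, NotAction and Condition, which real IAM evaluation honours."""
    for st in _list(policy["Statement"]):
        acts = [a.lower() for a in _list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or not any(fnmatchcase(action.lower(), a) for a in acts):
            continue
        if resource is None or any(fnmatchcase(resource, r) for r in _list(st.get("Resource", []))):
            return True
    return False

def trusted_services(trust):
    """Service principals that the trust policy lets call sts:AssumeRole."""
    found = set()
    for st in _list(trust["Statement"]):
        principal = st.get("Principal", {})
        assume = "sts:AssumeRole" in _list(st.get("Action", []))
        if st.get("Effect") == "Allow" and assume and isinstance(principal, dict):
            found.update(_list(principal.get("Service", [])))
    return found

def review(trust, role_perms, group_perms):
    """Return the gaps that stop a developer launching EC2 with this role."""
    gaps = []
    if "ec2.amazonaws.com" not in trusted_services(trust):
        gaps.append("trust: EC2 cannot assume the role")
    if not allows(role_perms, "dynamodb:GetItem"):
        gaps.append("role: no DynamoDB access")
    if not allows(group_perms, "iam:PassRole", ROLE_ARN):
        gaps.append("group: iam:PassRole missing for the role")
    elif allows(group_perms, "iam:PassRole", OTHER_ARN):
        gaps.append("group: iam:PassRole not scoped to the role")
    return gaps

def stmt(action, resource=None, service=None):
    """Build a one-statement policy document (helper for constructed samples)."""
    s = {"Effect": "Allow", "Action": action}
    if resource:
        s["Resource"] = resource
    if service:
        s["Principal"] = {"Service": service}
    return {"Version": "2012-10-17", "Statement": [s]}

EC2_TRUST = stmt("sts:AssumeRole", service="ec2.amazonaws.com")
DDB_PERMS = stmt("dynamodb:*", resource="*")
```

Calling `review(EC2_TRUST, DDB_PERMS, stmt("iam:PassRole", ROLE_ARN))` returns an empty list, while a group policy granting `iam:*` on `*` is flagged as unscoped because it would let developers pass any role in the account to an instance.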