Exam AWS Certified Developer Associate topic 1 question 380 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 380
Topic #: 1

A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy:



When the application tries to read from the Cars table, an Access Denied error occurs.

How can the developer resolve this error?

  • A. Modify the IAM policy resource to be “arn:aws:dynamodb-us-west-2:account-id:table/*”
  • B. Modify the IAM policy to include the dynamodb:* action.
  • C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.
  • D. Create a trust relationship between the role and dynamodb.amazonaws.com.
Suggested Answer: C

Comments

JuanFe
2 years, 1 month ago
I think it's C, because maybe the EC2 instance has the necessary role to perform actions on the DynamoDB table, but it does not have the permission to assume the role (trust policy).
upvoted 2 times
...
pancman
2 years, 3 months ago
Selected Answer: C
The most reasonable answer here is C. But I think the question is missing some information. https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/
upvoted 2 times
...
tieyua
2 years, 3 months ago
Selected Answer: C
ABD are apparently wrong, but I can't fully explain C. I'm guessing C implies it's a trust policy from the account/db owner to the EC2 role principal. Considering us-west-2 is mentioned out of nowhere, this might originally be a cross-account question that got chopped off. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-overview.html#access-control-resource-ownership
upvoted 4 times
...
BobAWS23
2 years, 3 months ago
Selected Answer: C
CCCCCCCCCCCCC
upvoted 2 times
...
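Added example (not part of the original question or any commenter's post): an offline check that reads a role's trust policy and reports whether the EC2 service principal may call sts:AssumeRole, which is what option C sets up and a trust in dynamodb.amazonaws.com (option D) does not. The policy documents and function names are constructed for illustration; Condition, NotPrincipal and NotAction are not evaluated.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _applies(stmt, service, action):
    """True if the statement names this service principal and covers the action."""
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    # IAM action names are case-insensitive and may contain wildcards (sts:*).
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    return service in services and any(fnmatchcase(action.lower(), a) for a in actions)

def service_can_assume(trust_policy, service="ec2.amazonaws.com"):
    """Explicit Deny wins; otherwise at least one matching Allow is required.
    Simplification: Condition, NotPrincipal and NotAction are not evaluated."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    hits = [s for s in _as_list(doc.get("Statement")) if _applies(s, service, "sts:AssumeRole")]
    if any(s.get("Effect") == "Deny" for s in hits):
        return False
    return any(s.get("Effect") == "Allow" for s in hits)

# Constructed sample documents (not taken from the question).
TRUST_EC2 = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}"""
# Shape of option D: the role trusts DynamoDB, so EC2 still cannot assume it.
TRUST_DYNAMODB = TRUST_EC2.replace("ec2.amazonaws.com", "dynamodb.amazonaws.com")
# Single-object Statement with list-valued Service and Action.
TRUST_MIXED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": ["lambda.amazonaws.com", "ec2.amazonaws.com"]},
    "Action": ["sts:AssumeRole", "sts:TagSession"]}}

if __name__ == "__main__":
    for name, doc in [("ec2", TRUST_EC2), ("dynamodb", TRUST_DYNAMODB), ("mixed", TRUST_MIXED)]:
        print(name, service_can_assume(doc))
```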