Examtopics

コメント(17)

• 正解だと思う選択肢: C

  The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.

  This approach enhances security by minimizing the exposure of long-term credentials and following the principle of least privilege. The EC2 instance assumes a role with specific permissions to interact with the S3 bucket, and AWS automatically rotates temporary credentials for the instance.

  Options A and B involve storing IAM user's secret keys on the EC2 instance, which is not recommended due to security risks. Option D, modifying the S3 bucket policy to allow any service to upload to it at any time, is also not recommended as it may lead to security vulnerabilities and compromises the principle of least privilege.

  👍 16

  TheFivePips2024/01/24

• C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

  Using IAM roles to grant permissions to EC2 instances is a more secure and manageable method compared to hard coding or storing access keys directly on the instance. By assigning an IAM role to the EC2 instance, you can define the necessary permissions for accessing the S3 bucket without exposing any sensitive credentials. This follows the principle of least privilege, ensuring that the EC2 instance only has the permissions it needs to perform its intended tasks, enhancing overall security posture.

  👍 3

  Itzmelakshmikanth31082024/03/22
• 正解だと思う選択肢: C

  Option C is correct

  👍 2

  Vasisht2023/12/27