Topic 1 Question 163
A developer is troubleshooting an application that uses Amazon DynamoDB in the us-west-2 Region. The application is deployed to an Amazon EC2 instance. The application requires read-only permissions to a table that is named Cars. The EC2 instance has an attached IAM role that contains the following IAM policy:
When the application tries to read from the Cars table, an Access Denied error occurs.
How can the developer resolve this error?
A. Modify the IAM policy resource to be “arn:aws:dynamodb:us-west-2:account-id:table/*”.
B. Modify the IAM policy to include the dynamodb:* action.
C. Create a trust policy that specifies the EC2 service principal. Associate the role with the policy.
D. Create a trust relationship between the role and dynamodb.amazonaws.com.
Comments (3)
- Selected answer: C
The most reasonable answer here is C. But I think the question is missing some information. https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/
👍 3 LemonGremlin 2023/10/19
- Selected answer: C
👍 2 Digo30sp 2023/10/06
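An added example, not part of the original question or the comments: a simplified Python check of whether a role's trust policy lets a given service principal call sts:AssumeRole, which is what EC2 needs in order to hand the role's credentials to an instance. Both policy documents are constructed samples, and the check ignores Condition blocks, NotPrincipal and NotAction.

```python
import json

# Constructed sample trust policies (not taken from the page).
TRUST_EC2 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")
TRUST_DYNAMODB = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow",
                "Principal": {"Service": ["dynamodb.amazonaws.com"]},
                "Action": ["sts:AssumeRole"]}
}""")

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def _as_list(value):
    """IAM JSON accepts either one value or a list for these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def service_can_assume(trust_policy, service):
    """True if an Allow (and no Deny) statement lets `service` assume the role."""
    allowed = False
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # a bare-string Principal such as "*" is not evaluated here
        services = {s.lower() for s in _as_list(principal.get("Service"))}
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if service.lower() not in services or not (actions & ASSUME_ACTIONS):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny overrides any Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


if __name__ == "__main__":
    for name, doc in (("ec2 trust", TRUST_EC2), ("dynamodb trust", TRUST_DYNAMODB)):
        print(name, "->", service_can_assume(doc, "ec2.amazonaws.com"))
```

The permissions policy (what the role may do to the Cars table) and the trust policy (who may assume the role) are separate documents, so a correct read-only DynamoDB statement does not help if the trust policy fails this check.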
- Selected answer: D
D. Create a trust relationship between the role and dynamodb.amazonaws.com.
Explanation:
Trust Relationship: In AWS, a trust relationship defines who or what entity can assume a role. In this case, the role attached to the EC2 instance needs to trust DynamoDB. The trust relationship is specified in a JSON policy document.
DynamoDB Service Principal: The correct service principal for DynamoDB is dynamodb.amazonaws.com. This is the entity that the role needs to trust to allow access to DynamoDB resources.
👍 1 PrakashM14 2023/10/18