Topic 1 Question 966
A company wants to create an Amazon EMR cluster that multiple teams will use. The company wants to ensure that each team’s big data workloads can access only the AWS services that each team needs to interact with. The company does not want the workloads to have access to Instance Metadata Service Version 2 (IMDSv2) on the cluster’s underlying EC2 instances.
Which solution will meet these requirements?
A. Configure interface VPC endpoints for each AWS service that the teams need. Use the required interface VPC endpoints to submit the big data workloads.
B. Create EMR runtime roles. Configure the cluster to use the runtime roles. Use the runtime roles to submit the big data workloads.
C. Create an EC2 IAM instance profile that has the required permissions for each team. Use the instance profile to submit the big data workloads.
D. Create an EMR security configuration that has the EnableApplicationScopedIAMRole option set to false. Use the security configuration to submit the big data workloads.
Comments (5)
- Selected answer: B ([Removed], 2024/08/19, 👍 3)
  Explanation: EMR Runtime Roles: By creating EMR runtime roles, you can assign specific IAM roles to individual EMR jobs or steps. Each role can have fine-grained permissions, allowing you to restrict access to only the AWS services each team needs. This provides a highly controlled environment where each team's workload operates under the principle of least privilege.
  IMDSv2 Access: When using runtime roles, you do not rely on the EC2 instance profile for service access, thereby minimizing the need for the workloads to access the Instance Metadata Service. This can help in reducing the risk of unauthorized access to IMDSv2.
- Selected answer: B (dhewa, 2024/08/20, 👍 2)
  This approach avoids the need for workloads to access the Instance Metadata Service (IMDSv2) on the underlying EC2 instances, as the permissions are managed through the runtime roles.
- Selected answer: B (martinadurcakova1, 2024/10/09, 👍 2)
  B. Creating EMR runtime roles and configuring the cluster to use them is the correct solution. EMR runtime roles allow you to grant specific permissions to the big data workloads, ensuring that each team's workloads can only access the required AWS services. Additionally, the runtime roles can be configured to disable access to IMDSv2, meeting the requirement.
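The following is an added example, written for this page and not code from the question, the commenters or AWS; it shows what answer B looks like in practice and why option D's setting has to be true rather than false. It builds the EMR security configuration that enables runtime roles, the trust policy a team's runtime role needs (it trusts only the cluster's EC2 instance profile role and allows the session-tagging and source-identity actions that EMR uses), the AddJobFlowSteps request carrying each team's ExecutionRoleArn, and a preflight check that rejects any submission that would silently fall back to the instance profile. The account ID, role names, cluster ID and S3 path are constructed placeholders; the team-to-role map and the `preflight` helper are this example's own design, not an EMR feature. Only the `__main__` block talks to AWS (through boto3) and only when EMR_CLUSTER_ID is set, so the functions can be exercised offline.

```python
import json
import re

# Constructed sample values for this example; replace with your own account, roles and cluster.
ACCOUNT_ID = "123456789012"
INSTANCE_PROFILE_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/EMR_EC2_DefaultRole"
# Hypothetical per-team map: one runtime role per team, each scoped to that team's services.
TEAM_RUNTIME_ROLES = {
    "analytics": f"arn:aws:iam::{ACCOUNT_ID}:role/emr-runtime-analytics",
    "ml": f"arn:aws:iam::{ACCOUNT_ID}:role/emr-runtime-ml",
}
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def security_configuration() -> dict:
    """EMR security configuration that turns runtime (application-scoped) roles on.
    Option D sets EnableApplicationScopedIAMRole to false, which is the wrong direction."""
    return {
        "AuthorizationConfiguration": {
            "IAMConfiguration": {
                "EnableApplicationScopedIAMRole": True,
                "ApplicationScopedIAMRoleConfiguration": {
                    # Optional: carry the submitter's identity into CloudTrail as SourceIdentity.
                    "PropagateSourceIdentity": True
                },
            }
        }
    }


def runtime_role_trust_policy(instance_profile_role_arn: str) -> dict:
    """Trust policy for a team runtime role: only the cluster's instance profile role may
    assume it, and EMR needs TagSession and SetSourceIdentity on top of AssumeRole."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": instance_profile_role_arn},
                "Action": ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"],
            }
        ],
    }


def instance_profile_assume_policy(runtime_role_arns: list) -> dict:
    """Permissions the instance profile role needs: it may assume the team runtime roles
    and nothing else; the teams' service permissions live on the runtime roles."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"],
                "Resource": sorted(runtime_role_arns),
            }
        ],
    }


def add_steps_request(cluster_id: str, team: str, spark_args: list) -> dict:
    """AddJobFlowSteps parameters for one team's Spark job, pinned to that team's runtime role.
    An unknown team raises KeyError on purpose: there is no default role to fall back to."""
    return {
        "JobFlowId": cluster_id,
        "ExecutionRoleArn": TEAM_RUNTIME_ROLES[team],
        "Steps": [
            {
                "Name": f"{team}-spark-job",
                "ActionOnFailure": "CONTINUE",
                "HadoopJarStep": {
                    "Jar": "command-runner.jar",
                    "Args": ["spark-submit", *spark_args],
                },
            }
        ],
    }


def preflight(request: dict) -> list:
    """Return the reasons a request must not be submitted (empty list means OK).
    A step without ExecutionRoleArn runs under the instance profile, which is what the
    question wants to avoid, so that case is rejected rather than defaulted."""
    problems = []
    arn = request.get("ExecutionRoleArn")
    if not arn:
        problems.append("ExecutionRoleArn missing: step would run with the instance profile")
    elif not ROLE_ARN_RE.match(arn):
        problems.append(f"ExecutionRoleArn is not an IAM role ARN: {arn}")
    elif arn not in TEAM_RUNTIME_ROLES.values():
        problems.append(f"ExecutionRoleArn is not an approved team runtime role: {arn}")
    return problems


def submit(emr_client, request: dict) -> str:
    """Run the preflight check, then call AddJobFlowSteps and return the new step ID."""
    problems = preflight(request)
    if problems:
        raise ValueError("; ".join(problems))
    return emr_client.add_job_flow_steps(**request)["StepIds"][0]


if __name__ == "__main__":
    import os

    print(json.dumps(security_configuration(), indent=2))
    print(json.dumps(runtime_role_trust_policy(INSTANCE_PROFILE_ROLE_ARN), indent=2))
    req = add_steps_request(os.environ.get("EMR_CLUSTER_ID", "j-EXAMPLE"), "analytics",
                            ["s3://example-bucket/jobs/report.py"])
    print(json.dumps(req, indent=2), preflight(req))
    if "EMR_CLUSTER_ID" in os.environ:  # only talk to AWS when pointed at a real cluster
        import boto3

        print(submit(boto3.client("emr"), req))
```

The security configuration is registered once with `aws emr create-security-configuration --name team-runtime-roles --security-configuration file://sc.json` and attached at cluster creation with `--security-configuration team-runtime-roles`; the same step request can be submitted from the CLI with `aws emr add-steps --cluster-id <id> --execution-role-arn <team role ARN> --steps file://steps.json`. Putting the team-to-role lookup and the preflight in the one code path that submits work is what keeps the instance profile's permissions limited to assuming the runtime roles.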