which of the following would allow the application Inst…

An administrator is using Amazon CloudFormation to deploy a three tier web application that
consists of a web tier and application tier that will utilize Amazon DynamoDB for storage.
When creating the CloudFormation template which of the following would allow the application
Instance access to the DynamoDB tables without exposing API credentials?

An administrator is using Amazon CloudFormation to deploy a three tier web application that
consists of a web tier and application tier that will utilize Amazon DynamoDB for storage.
When creating the CloudFormation template which of the following would allow the application
Instance access to the DynamoDB tables without exposing API credentials?

A.
Create an Identity and Access Management Role that has the required permissions to read and
write from the .required DynamoDB table and associate the Role to the application instances by
referencing an instance profile.

B.
Create an Identity and Access Management Role that has the required permissions to read and
write from the required DynamoDB table and reference the Role in the instance profile property of
the application instance.

C.
Use the Parameter section in the CloudFormation template to have the user input Access and
Secret keys from an already created IAM user that has the permissions required to read and write
from the required DynamoDB table.

D.
Create an Identity and Access Management user in the CloudFormation template that has
permissions to read and write from the required DynamoDB table, use the GetAtt function to
retrieve the Access and Secret keys and pass them to the application instance through user-data.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Luyong

Luyong

I think A is correct! Because instance profile is not a property of instance!

Unnat

Unnat

Answer B

Correct One !