In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating
permission to make API requests?
A.
You cannot create an IAM role.
B.
You can have the application retrieve a set of temporary credentials and use them.
C.
You can specify the role when you launch your instances.
D.
You can define which accounts or AWS services can assume the role.
Explanation:
Amazon designed IAM roles so that your applications can securely make API requests from your
instances, without requiring you to manage the security credentials that the applications use.
Instead of creating and distributing your AWS credentials, you can delegate permission to make
API requests using IAM roles as follows: Create an IAM role. Define which accounts or AWS
services can assume the role. Define which API actions and resources the application can use
after assuming the role. Specify the role when you launch your instances. Have the application
retrieve a set of temporary credentials and use them.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
B it is!
The answer says “cannot” which is not true.
A is the Correct One