An organization has created an application which is hosted on the AWS EC2 instance. The application stores images to
S3 when the end user uploads to it. The organization does not want to store the AWS secure credentials required to
access the S3 inside the instance. Which of the below mentioned options is a possible solution to avoid any security
threat?
A.
Use the IAM role and assign it to the instance.
B.
Since the application is hosted on EC2, it does not need credentials to access S3.
C.
Use the X.509 certificates instead of the access and the secret access keys.
D.
Use the IAM based single sign between the AWS resources and the organization application.
Explanation:
The AWS IAM role uses temporary security credentials to access AWS services. Once the role is assigned to an instance,
it will not need any security credentials to be stored on the instance.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
A
A