You launch an Amazon EC2 instance without an assigned AWS Identity and Access Management (IAM) role.
Later, you decide that the instance should be running with an IAM role. Which action must you take in order to
have a running Amazon EC2 instance with an IAM role assigned to it?
A. Create an image of the instance, and register the image with an IAM role assigned and an Amazon EBS volume mapping.
B. Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.
C. Create an image of the instance, add a new IAM role with the same permissions as the desired IAM role, and deregister the image with the new role assigned.
D. Create an image of the instance, and use this image to launch a new instance with the desired IAM role assigned.
Explanation/Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-usingrole-ec2instance.html
b
sorry d
It should be B only, as AWS now supports changing of the IAM role without stopping the instance.
Answer should be B.
B. You can now assign roles without stopping the instances.
I would go with D. B states you need to create a new IAM role like an existing one, then attach it to the EC2 instance. Why do you have to create a new IAM role? Why not just assign the existing one? D sounds more complete (although I know AWS allows adding roles now to a running instance).
I choose B
Legacy questions. When written, D was correct; now, since 2017, you can add a role to an existing instance.
B. As per AWS latest enhancement
Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.
If this is on the test then it’s an old question looking for an old answer. I would pick D on the test unless there is an answer that simply states assign a role to an instance without creating a new one.
Legacy question. Now you can assign an IAM role to a running instance.
If you are running EC2 within a VPC then it will be applied to the same running instance, but earlier we had the EC2-Classic security group, which would start to take effect after you created a new instance, attached rules and launched the instance.
B.
as per latest AWS changes.