A company is building software on AWS that requires access to various AWS services. Which configuration
should be used to ensure mat AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not
compromised?
A.
Enable Multi-Factor Authentication for your AWS root account.
B.
Assign an IAM role to the Amazon EC2 instance.
C.
Store the AWS Access Key ID/Secret Access Key combination in software comments.
D.
Assign an IAM user to the Amazon EC2 Instance.
Explanation:
Use roles for applications that run on Amazon EC2 instances.
Applications that run on an Amazon EC2 instance need credentials in order to access other AWS services. To
provide credentials to the application in a secure way, use IAM roles. A role is an entity that has its own set of
permissions, but that isn’t a user or group. Roles also don’t have their own permanent set of credentials the way
IAM users do. In the case of Amazon EC2, IAM dynamically provides temporary credentials to the EC2
instance, and these credentials are automatically rotated for you.
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-roles-with-ec2
B
Agree, B is correct.
http://www.aiotestking.com/amazon/which-configuration-should-be-used-to-ensure-mat-aws-credentials-ie-access-key-idsecret-access-key-combination-are-not-compromised/
A is not correct b/c you wouldn’t design software to store/use root credentials, unless you are a nut.
I would say to be 100% correct both (A and B) are right!
the question is talking about “access to various AWS-services) => by “Assign an IAM role to the Amazon EC2 instance” you just protect EC2-service
thus with answer A you protect all your AWS-services
br!
Carl