Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

A user has created an application which will be hosted on EC2. The application makes calls to
DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with
from the EC2 instance. Which of the below mentioned statements is true with respect to the best
practice for security in this scenario?

A user has created an application which will be hosted on EC2. The application makes calls to
DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with
from the EC2 instance. Which of the below mentioned statements is true with respect to the best
practice for security in this scenario?

A.
The user should attach an IAM role with DynamoDB access to the EC2 instance

B.
The user should create an IAM user with DynamoDB access and use its credentials within the
application to connect with DynamoDB

C.
The user should create an IAM role, which has EC2 access so that it will allow deploying the
application

D.
The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the
application so that it does not use the root account credentials

Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes
requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should
not create an IAM user and pass the user’s credentials to the application or embed those
credentials inside the application. Instead, the user should use roles for EC2 and give that role
access to DynamoDB /S3. When the roles are attached to EC2, it will give temporary security
credentials to the application hosted on that EC2, to connect with DynamoDB / S3.



Leave a Reply 2

Your email address will not be published. Required fields are marked *