Question #1166
Which action should a company take to securely enable an application running on an EC2 instance to access AWS resources?
Attach an IAM role with the necessary permissions to the EC2 instance.
Create an access key for the AWS account root user and embed it in the application.
Store long-term IAM user access keys in the application's environment variables.
Create an IAM user with administrator permissions and hardcode their credentials in the application.
Explanation
The correct answer is A. IAM roles allow applications on EC2 instances to securely access AWS resources by providing temporary credentials via the instance metadata service. These credentials are automatically rotated, reducing the risk of exposure.
- Why A is correct: IAM roles eliminate the need to store credentials in the application or environment, adhering to AWS security best practices.
- Why B is incorrect: Using the root user’s access key poses extreme security risks, as it grants full account access and violates the principle of least privilege.
- Why C is incorrect: Long-term access keys stored in environment variables are vulnerable to leaks and require manual rotation, making them less secure than temporary credentials.
- Why D is incorrect: Hardcoding credentials (even for an IAM user) is insecure, and granting administrator permissions violates the principle of least privilege.
Key Takeaway: Always use IAM roles for EC2 applications to ensure secure, temporary credential management without exposing sensitive keys.
Answer
The correct answer is: A