Home › AWS Solutions Architect Associate › cloudcomputing › securearchitectures › What is the BEST practice for granting an EC2 in…
What is the BEST practice for granting an EC2 instance access to an S3 bucket?
AMake the bucket publicly readable and writable to the internet
BAttach an IAM role to the EC2 instance with a policy granting the needed S3 permissions
CHard-code an IAM user's access key into the application code on the instance
DEmail the AWS root credentials to the instance owner
Answer & Solution
Correct answer: B. Attach an IAM role to the EC2 instance with a policy granting the needed S3 permissions
Instance roles deliver short-lived credentials via the metadata service — no keys to leak. Hard-coded keys, public buckets, and root creds are the classic anti-patterns.
Related questions
Which AWS feature lets you store and retrieve secrets (database passwords, API tokens) witWhich AWS service enables an organisation to enforce a baseline of security configuration Which combination implements defense-in-depth network segmentation inside a VPC for a publA team wants short-lived credentials (15 minutes) for an external CI/CD system running OUTA workload needs to encrypt sensitive S3 objects with keys that the customer creates, rotaAn organisation needs to give a partner read-only access to one specific S3 bucket across Which AWS service is purpose-built to find and classify sensitive data (e.g. PII, credit-cWhich AWS service inspects CloudTrail / VPC flow logs / DNS query logs with ML to detect a