Question No : 1
You have an application running on an EC2 instance which will allow users to download
files from a private S3 bucket using a pre-signed URL. Before generating the URL, the
application should verify the existence of the file in S3. How should the application use
AWS credentials to access the S3 bucket securely?
A . Create an IAM role for EC2 that allows list access to objects In the S3 bucket; launch
the Instance with the role, and retrieve the role's credentials from the EC2 instance
metadata.
B. Use the AWS account access keys; the application retrieves the credentials from the
source code of the application.
C. Create an IAM user for the application with permissions that allow list access to the S3
bucket; launch the instance as the IAM user, and retrieve the IAM user's credentials from
the EC2 instance user data.
D. Create an IAM user for the application with permissions that allow list access to the S3
bucket; the application retrieves the 1AM user credentials from a temporary directory with
permissions that allow read access only to the Application user.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.