Q43 — AWS DVA-C02 Ch.2

Question 43 of 100 | ← Chapter 2

A developer has deployed an application running on an Amazon EC2 instance. The developer is adding functionality to upload objects to an Amazon S3 bucket.

Correct Answer: A. IAM policy attached to the EC2 instance profile role.

Explanation

For an application running on an Amazon EC2 instance to write objects to an Amazon S3 bucket, the IAM policy attached to the EC2 instance profile role must be modified. IAM policies control access permissions to AWS resources; modifying this policy explicitly grants the EC2 instance permission to write objects to the S3 bucket. Option B’s session policy is typically temporary and session-specific, making it unsuitable for long-term functional requirements. Option C’s AWS KMS key policy relates to encryption, not direct S3 write permissions. Option D’s Amazon VPC endpoint policy controls access to VPC endpoints—not S3 write permissions. Thus, option A is correct. 【Lantern Certification provided by: swufelp1999】