Q43 — AWS DVA-C02 Ch.2
A developer has deployed an application running on an Amazon EC2 instance. The developer is adding functionality to upload objects to an Amazon S3 bucket.
- A. IAM policy attached to the EC2 instance profile role. ✓
- B. Session policy applied to the EC2 instance role session.
- C. AWS Key Management Service (AWS KMS) key policy attached to the EC2 instance profile role.
- D. Amazon VPC endpoint policy.
Correct Answer: A. IAM policy attached to the EC2 instance profile role.
Explanation
For an application running on an Amazon EC2 instance to write objects to an Amazon S3 bucket, the IAM policy attached to the EC2 instance profile role must be modified. IAM policies control access permissions to AWS resources; modifying this policy explicitly grants the EC2 instance permission to write objects to the S3 bucket. Option B's session policy is typically temporary and session-specific, making it unsuitable for long-term functional requirements. Option C's AWS KMS key policy relates to encryption, not direct S3 write permissions. Option D's Amazon VPC endpoint policy controls access to VPC endpoints, not S3 write permissions. Thus, option A is correct.
[Lantern Certification provided by: swufelp1999]