Q7 — AWS DVA-C02 Ch.2
A developer has deployed an application that runs on an Amazon EC2 instance. The developer is adding functionality to the application to upload objects to an Amazon S3 bucket. Which policy must the developer modify to allow the instance to upload these objects?
- A. The IAM policy attached to the EC2 instance profile role ✓
- B. The session policy applied to the EC2 instance role session
- C. The AWS Key Management Service (AWS KMS) key policy attached to the EC2 instance profile role
- D. The Amazon VPC endpoint policy
Correct Answer: A. The IAM policy attached to the EC2 instance profile role
Explanation
Option A refers to the IAM policy attached to the EC2 instance profile role. EC2 instances access other AWS services, including S3, via their instance profile role. To allow an EC2 instance to write to an S3 bucket, the developer should modify the IAM policy attached to the instance profile role to include S3 write permissions.
Among the other options:
- B refers to a session policy applied to the EC2 instance role session, which is not a common configuration.
- C refers to an AWS KMS key policy attached to the EC2 instance profile role, which is unrelated to S3 object write permissions.
- D refers to an Amazon VPC endpoint policy, which is unrelated to granting EC2 instances permission to write S3 objects.
【Lantern Certification provided by: swufelp1999】