Q35 — AWS DVA-C02 Ch.3
Todd has an application running on an Amazon EC2 instance that needs to access files stored in an Amazon S3 bucket. The application lists the objects stored in the S3 bucket and displays them to users in a table. During testing, developers find that no objects appear in the list. What is the most secure way to resolve this issue?
- A. Update the IAM instance profile attached to the EC2 instance to include S3:* permissions on the S3 bucket.
- B. Update the IAM instance profile attached to the EC2 instance to include the S3:ListBucket permission on the S3 bucket. ✓
- C. Update the developer's user permissions to include the S3:ListBucket permission on the S3 bucket.
- D. Update the S3 bucket policy to include the S3:ListBucket permission and resolve the issue by setting the Principal element to the account number of the EC2 instance.
Correct Answer: B. Update the IAM instance profile attached to the EC2 instance to include the S3:ListBucket permission on the S3 bucket.
Explanation
Option B is the most secure solution. Updating the IAM instance profile attached to the EC2 instance to include the S3:ListBucket permission on the S3 bucket grants the application only the permission it needs to list objects in that bucket, rather than the broad S3:* permissions of option A, which would exceed what the application requires and so be less secure.