Q35 — AWS DVA-C02 Ch.3


Todd has an application running on an Amazon EC2 instance that needs to access files stored in an Amazon S3 bucket. The application lists objects stored in the S3 bucket and displays them to users in a table. During testing, developers find that no objects appear in the list. What is the most secure way to resolve this issue?

Correct Answer: B. Update the IAM instance profile attached to the EC2 instance to include the S3:ListBucket permission on the S3 bucket.

Explanation

Option B is the most secure solution. By updating the IAM instance profile attached to the EC2 instance to include the S3:ListBucket permission on the S3 bucket, the application gains only the necessary permission to list objects in the S3 bucket, rather than granting broad S3:* permissions, which would be less secure.
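
The difference between the scoped and the broad grant can be checked mechanically. The following is an added example, not part of the original question: a small reviewer for the identity policy on the instance profile's role. The bucket name, the three sample policies and the `review` helper are constructed for illustration, and the matching is simplified (no Deny, Condition or bucket-policy evaluation).

```python
from fnmatch import fnmatchcase

BUCKET_ARN = "arn:aws:s3:::example-app-bucket"  # constructed placeholder bucket

def _stmt(action, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": resource}]}

# Constructed sample policies for the role behind the instance profile.
BROAD = _stmt("s3:*", "*")                             # lists objects, but over-privileged
SCOPED = _stmt("s3:ListBucket", BUCKET_ARN)            # the least-privilege grant
MISSCOPED = _stmt("s3:ListBucket", BUCKET_ARN + "/*")  # object ARN: listing is still denied

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review(policy, bucket_arn=BUCKET_ARN):
    """Return (can_list, findings) for the Allow statements of an identity policy.

    Simplified: ignores Deny, Condition, NotAction/NotResource and bucket policies.
    fnmatchcase approximates IAM's * and ? wildcards.
    """
    can_list, findings = False, []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt["Resource"])
        # Action names are case-insensitive; ARNs are matched as written.
        grants_list = any(fnmatchcase("s3:listbucket", a.lower()) for a in actions)
        # s3:ListBucket is a bucket-level action, so the bucket ARN itself must match.
        covers_bucket = any(fnmatchcase(bucket_arn, r) for r in resources)
        if grants_list and covers_bucket:
            can_list = True
        elif grants_list:
            findings.append("s3:ListBucket granted, but not on the bucket ARN")
        findings += [f"wildcard action: {a}" for a in actions if "*" in a]
        findings += [f"wildcard resource: {r}" for r in resources if r == "*"]
    return can_list, findings

if __name__ == "__main__":
    for name, policy in [("BROAD", BROAD), ("SCOPED", SCOPED), ("MISSCOPED", MISSCOPED)]:
        print(name, review(policy))
```

Only `SCOPED` both allows the listing and produces no findings; `MISSCOPED` shows why the permission has to be attached to the bucket ARN rather than to `bucket/*`.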