The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.
This approach enhances security by minimizing the exposure of long-term credentials and following the principle of least privilege. The EC2 instance assumes a role with specific permissions to interact with the S3 bucket, and AWS automatically rotates temporary credentials for the instance.
Options A and B involve storing IAM user's secret keys on the EC2 instance, which is not recommended due to security risks. Option D, modifying the S3 bucket policy to allow any service to upload to it at any time, is also not recommended as it may lead to security vulnerabilities and compromises the principle of least privilege.
The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.
✅ C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
Explanation:
According to AWS security best practices, IAM roles should be used to grant temporary credentials to Amazon EC2 instances to securely access AWS resources such as S3 buckets.
This avoids storing or hardcoding credentials, which is insecure.
Why the other options are incorrect:
A. Hard coding access keys: ❌ Not secure. Credentials could be exposed in source code repositories.
B. Storing keys in a text file on EC2: ❌ Also insecure. If the instance is compromised, so are the credentials.
D. Modifying bucket policy to allow any service: ❌ Overly permissive and a security risk. Violates least privilege principle.
🔐 IAM roles with instance profiles allow EC2 to securely access S3 with temporary, automatically rotated credentials.
• Assuming an IAM role is the recommended and secure method to grant temporary, limited access to AWS resources like S3 for EC2 instances.
• When you attach an IAM role to an EC2 instance, AWS automatically provides temporary security credentials to the instance via the metadata service — eliminating the need to hard code or store keys.
• Assuming an IAM role is the recommended and secure method to grant temporary, limited access to AWS resources like S3 for EC2 instances.
• When you attach an IAM role to an EC2 instance, AWS automatically provides temporary security credentials to the instance via the metadata service — eliminating the need to hard code or store keys.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
TheFivePips
Highly Voted 1 year, 10 months agosarat5646
Most Recent 1 day, 8 hours ago3veryday
1 month, 4 weeks agoKostiantyn12
2 months, 3 weeks ago1507a4f
3 months, 3 weeks agoAyushPanwar
4 months, 3 weeks agoelijahmugariri
6 months, 1 week agofoxewa
6 months, 2 weeks agofoxewa
6 months, 2 weeks agoRoroyoshi
6 months, 3 weeks agonewbieaws9x
7 months, 1 week agoRoroyoshi
7 months, 1 week agoklaus___1000
8 months, 1 week agoQurresh
9 months, 2 weeks agoCollinsk
10 months agoSir_Kay
10 months agoFrankdespi
10 months, 1 week ago