How should the application use AWS credentials to access the S3 bucket securely?

seenagapeFebruary 12, 2016

You have an application running on an EC2 Instance which will allow users to download flies from a private S3
bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the
file in S3.
How should the application use AWS credentials to access the S3 bucket securely?

PrepAway - Latest Free Exam Questions & Answers

A.
Use the AWS account access Keys the application retrieves the credentials from the source code of the
application.

B.
Create a IAM user for the application with permissions that allow list access to the S3 bucket launch the
instance as the IAM user and retrieve the IAM user’s credentials from the EC2 instance user data.

C.
Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the
role, and retrieve the role’s credentials from the EC2 Instance metadata

D.
Create an IAM user for the application with permissions that allow list access to the S3 bucket. The
application retrieves the IAM user credentials from a temporary directory with permissions that allow read
access only to the application user.

12 Comments on “How should the application use AWS credentials to access the S3 bucket securely?”

Nitin Kansal says:

March 3, 2016 at 8:12 am

C

0

1

Frank says:

March 14, 2016 at 11:13 am

Hi,

I would go for answer C

See also: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

Regards,
Frank

========================
http://169.254.169.254/latest/meta-data/iam/security-credentials/

If there is an IAM role associated with the instance at launch, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role. Otherwise, not present.
========================

0

1

KwagongMakisig says:

June 29, 2016 at 2:36 pm

C

0

1

Chef says:

July 13, 2016 at 12:53 am

You need a role for this! C.

0

1

Srinivasu Muchcherla says:

August 10, 2016 at 4:33 pm

Answer : C
“EC2 Instance metadata”

0

1

Srinivasu M says:

August 21, 2016 at 6:24 am

C

0

1

swagata mondal says:

August 30, 2016 at 4:35 am

c

0

2

joe21 says:

November 9, 2016 at 3:33 pm

C

0

2

Mouhammad Yousuf says:

November 19, 2016 at 8:46 am

i assume that using a user is also possible while using a role is quite wider it terms of giving you the capability to associate the role with any other user in the future which will grant the same access level to the bucket however two magical words here are “Private bucket with preassigned URL” and” allow users with S in the end” so B and C are possible solutions which one of them would be the most correct answer i think it would be role and that is C

0

1

Allen says:

November 28, 2016 at 9:31 am

Initially, I thought the answer should be C. However, How can you “Launch the instance with the
role”? B is the possible solution as long as the IAM user credential could be set in user data.

1

1

Ashok says:

January 26, 2017 at 4:16 am

C is right because role based instance can access s3 bucket easily with security

1

1

Quang says:

June 15, 2017 at 4:40 pm

C

When creating instances, there is an option to choose IAM role

1

1