AWS Resource Access Best Practices

Recommended Approach for Accessing AWS Resources from EC2 Instances


Question

Which of the following is recommended when accessing AWS resources from EC2 instances?

Answers

Explanations


A. B. C. D.

Answer - C.

IAM roles and temporary security credentials address these use cases.

An IAM role lets you define a set of permissions to access the resources that a user or service needs, but the permissions are not attached to a specific IAM user or group.

Instead, IAM users, mobile and EC2-based applications, or AWS services (like Amazon EC2) can programmatically assume a role.

For more information on IAM roles, see the following URL:

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

When accessing AWS resources from EC2 instances, it is recommended to use IAM roles instead of access keys. IAM roles are a secure way to grant permissions to entities that need to access AWS resources. They are preferable to access keys because the credentials a role provides are temporary and no access keys need to be stored on the instance.

IAM roles can be associated with an EC2 instance when it is launched, which enables applications running on the instance to automatically inherit the role's permissions. This helps simplify security management by reducing the need to manage access keys on the EC2 instance.

Therefore, the correct answer is option C: Consider implementing IAM roles.

Option A, using the root access keys, is not recommended as it poses a significant security risk, since root credentials have unrestricted access to all AWS resources in the account.

Option B, defining an IAM user and using the access keys attached to the user, is also not recommended as it requires storing access keys on the instance, which could be compromised.

Option D, segregating IAM users into groups, is a best practice for managing user access and permissions but it is not directly related to accessing AWS resources from EC2 instances.
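As an added example (not part of the original page or any AWS tooling), the following Python check looks for what option B leaves behind: long-term access keys stored on an instance. It assumes the standard `AWS_ACCESS_KEY_ID` variable and shared credentials file format, relies on the `AKIA` (long-term) and `ASIA` (temporary STS) key ID prefixes, and uses constructed sample values; `classify` and `audit_instance` are hypothetical helper names.

```python
import configparser
import re

# Key ID prefixes: AKIA marks a long-term IAM user (or root) access key,
# ASIA marks temporary credentials issued by AWS STS (what a role provides).
LONG_TERM = re.compile(r"^AKIA[A-Z0-9]{16,}$")
TEMPORARY = re.compile(r"^ASIA[A-Z0-9]{16,}$")

# Constructed sample of a shared credentials file; all values are placeholders.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = EXAMPLEONLY-not-a-real-secret

[session]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = EXAMPLEONLY-not-a-real-secret
aws_session_token = EXAMPLEONLY-not-a-real-token
"""


def classify(key_id):
    """Return 'long-term', 'temporary' or 'unknown' for an access key ID."""
    if LONG_TERM.match(key_id):
        return "long-term"
    if TEMPORARY.match(key_id):
        return "temporary"
    return "unknown"


def audit_instance(env, credentials_text):
    """Return (source, key_id) pairs for long-term keys found on the instance."""
    findings = []
    env_key = env.get("AWS_ACCESS_KEY_ID", "").strip()
    if classify(env_key) == "long-term":
        findings.append(("env:AWS_ACCESS_KEY_ID", env_key))
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(credentials_text)
    for profile in parser.sections():
        key_id = parser.get(profile, "aws_access_key_id", fallback="").strip()
        if classify(key_id) == "long-term":
            findings.append((f"credentials:[{profile}]", key_id))
    return findings


if __name__ == "__main__":
    for source, key_id in audit_instance({}, SAMPLE_CREDENTIALS):
        print(f"long-term key stored on instance: {source} ({key_id[:8]}...)")
```

An instance that relies only on its IAM role should return an empty list, since the SDK obtains the role's temporary credentials from the instance metadata service rather than from disk or the environment.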