You have an application running on an Amazon EC2 instance, and you are using IAM roles to access AWS Service APIs securely.
How can you configure your application running on that instance to retrieve the API keys for use with the AWS SDKs?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
IAM roles are designed so that your applications can securely make API requests from your instances without requiring you to manage the security credentials that the applications use.
Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles.
For more information on Roles for EC2, please refer to the below link:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.htmlSure, I'll be happy to explain each answer in detail:
A. When assigning an EC2 IAM role to your instance in the console, in the “Chosen SDK” drop-down list, select the SDK that you are using, and the instance will configure the correct SDK on launch with the API keys.
This answer is incorrect because there is no "Chosen SDK" drop-down list when assigning an IAM role to an EC2 instance. When you assign an IAM role to an EC2 instance, the instance is granted temporary security credentials that are automatically delivered to the instance metadata service. These temporary credentials can be used by the SDKs to access other AWS services.
B. Within your application code, make a GET request to the IAM Service API to retrieve credentials for your user.
This answer is also incorrect because you don't retrieve credentials for your IAM user. Instead, you retrieve temporary security credentials for the IAM role assigned to the EC2 instance. These credentials can be retrieved from the instance metadata service using the SDKs.
C. When using AWS SDKs and Amazon EC2 roles, you do not have to retrieve API keys explicitly. Because the SDK handles retrieving them from the Amazon EC2 MetaData service.
This answer is correct. When using IAM roles with EC2 instances, the SDKs automatically retrieve temporary security credentials from the instance metadata service, which contains the API keys for accessing other AWS services. The SDKs use these temporary credentials for authentication and authorization to access AWS services on behalf of the EC2 instance.
D. Within your application code, configure the AWS SDK to get the API keys from environment variables. Because assigning an Amazon EC2 role stores keys in environment variables on launch.
This answer is also incorrect because assigning an IAM role to an EC2 instance does not store API keys in environment variables. Instead, the temporary security credentials are stored in the instance metadata service and retrieved by the SDKs.
Therefore, the correct answer is C - When using AWS SDKs and Amazon EC2 roles, you do not have to retrieve API keys explicitly. Because the SDK handles retrieving them from the Amazon EC2 MetaData service.