IAM Quiz
Your company has a set of EC2 Instances that access data objects stored in an S3 bucket. Your IT Security department is concerned about the security of this architecture and wants you to implement the following:
1) Ensure that the EC2 Instance securely accesses the data objects stored in the S3 bucket
2) Prevent accidental deletion of objects
Which of the following would help fulfill the requirements of the IT Security department? Choose 2 answers from the options given below.
A.
Create an IAM user and ensure the EC2 Instances use the IAM user credentials toaccess the data in the bucket.
B.
Create an IAM Role and ensure the EC2 Instances use the IAM Role to access the datain the bucket.
C.
Use S3 Cross-Region Replication to replicate the objects so that the integrity ofdata is maintained.
D.
Use an S3 bucket policy that ensures that MFA Delete is set on the objects in thebucket.
B. & D.
AWS Documentation mentions the following:
IAM roles are designed so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles
For more information on IAM Roles, please refer to the below link:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
MFA Delete can be used to add another layer of security to S3 Objects to prevent accidental deletion of objects.
For more information on MFA Delete, please refer to the below link:
https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/
