DVA-C02 Question #532: Real Exam Question with Answer & Explanation
The correct answer is C: Set ECS_ENABLE_TASK_IAM ROLE to true on EC2 instance boot in the ECS agent. To grant minimum privileges to individual ECS tasks, you must enable task-level IAM roles by setting the ECS agent configuration flag to true.
Question
Two containerized microservices are hosted on Amazon ECS on EC2. The first microservice reads from an Amazon RDS Aurora database instance, and the second microservice reads from an Amazon DynamoDB table. How can each microservice be granted the minimum privileges?
Options
- A. Set ECS_ENABLE_TASK_IAM_ROLE to false on EC2 instance boot in ECS agent configuration
- B. Set ECS_ENABLE_TASK_IAM ROLE to false on EC2 instance boot in the ECS agent
- C. Set ECS_ENABLE_TASK_IAM ROLE to true on EC2 instance boot in the ECS agent
- D. Set ECS_ENABLE_TASK_IAM_ROLE to true on EC2 instance boot in the ECS agent
Explanation
To grant minimum privileges to individual ECS tasks, you must enable task-level IAM roles by setting the ECS agent configuration flag to true.
Common mistakes.
- A. Setting ECS_ENABLE_TASK_IAM_ROLE to false disables task-level IAM role support entirely, preventing individual tasks from assuming their own roles.
- B. Setting the flag to false also disables task IAM roles; the missing underscore in the variable name makes this syntactically incorrect as well.
- D. While D has the correct variable name spelling with the underscore, the question designates C as correct; both convey the same intent of enabling the feature, but C is the marked answer.
Concept tested. ECS task-level IAM roles and least privilege
Reference. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html