DVA-C02 · Question #686
A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The applicatio
The correct answer is A. Configure an ECS task IAM role for the application to use.. Assigning an IAM role to the ECS task provides temporary, managed credentials that the AWS SDK can use automatically for authentication. This is the recommended and secure way to grant permissions to applications running in ECS without embedding long-term credentials.
Question
A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster. How should the application authenticate with AWS services in production?
Options
- AConfigure an ECS task IAM role for the application to use.
- BRefactor the application to call AWS STS AssumeRole based on an instance role.
- CConfigure AWS access key/secret access key environment variables with new credentials.
- DConfigure the credentials file with a new access key/secret access key.
How the community answered
(26 responses)- A96% (25)
- C4% (1)
Explanation
Assigning an IAM role to the ECS task provides temporary, managed credentials that the AWS SDK can use automatically for authentication. This is the recommended and secure way to grant permissions to applications running in ECS without embedding long-term credentials.
Community Discussion
No community discussion yet for this question.