nerdexam
Amazon

DVA-C02 · Question #693

A developer is creating a role to access Amazon S3 buckets. To create the role, the developer uses the AWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service to assu

The correct answer is B. Trust policy. A trust policy defines which entities (such as AWS services like EC2) are allowed to assume a role. To allow the EC2 service to assume the role, the developer must add a trust policy specifying EC2 as a trusted principal.

Submitted by kevin_r· Mar 5, 2026Security

Question

A developer is creating a role to access Amazon S3 buckets. To create the role, the developer uses the AWS CLI create-role command. Which policy should be added to allow the Amazon EC2 service to assume the role?

Options

  • AManaged policy
  • BTrust policy
  • CInline policy
  • DService control policy (SCP)

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    87% (46)
  • C
    8% (4)
  • D
    4% (2)

Explanation

A trust policy defines which entities (such as AWS services like EC2) are allowed to assume a role. To allow the EC2 service to assume the role, the developer must add a trust policy specifying EC2 as a trusted principal.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice