nerdexam
Amazon

DVA-C02 · Question #705

A developer is building an application that runs in an Amazon ECS service. The developer configures an IAM role as the task role. The developer needs to grant the application access to an Amazon S3 bu

The correct answer is C. Create an inline policy that allows the task role to access the S3 bucket.. Attaching an inline (or managed) IAM policy directly to the ECS task role that grants access to the specific S3 bucket ensures the application running in the task has the necessary permissions securely. This approach follows the principle of least privilege without relying on ins

Submitted by ricky.ec· Mar 5, 2026Security

Question

A developer is building an application that runs in an Amazon ECS service. The developer configures an IAM role as the task role. The developer needs to grant the application access to an Amazon S3 bucket. Which solution will meet this requirement in the MOST secure way?

Options

  • AModify the bucket policy for the S3 bucket to allow access from the Amazon Resource Name
  • BCreate an IAM instance profile for the task role. Modify the bucket policy for the S3 bucket to
  • CCreate an inline policy that allows the task role to access the S3 bucket.
  • DCreate an IAM user that has an inline policy that allows access to the S3 bucket. Provide the IAM

How the community answered

(17 responses)
  • A
    6% (1)
  • C
    82% (14)
  • D
    12% (2)

Explanation

Attaching an inline (or managed) IAM policy directly to the ECS task role that grants access to the specific S3 bucket ensures the application running in the task has the necessary permissions securely. This approach follows the principle of least privilege without relying on instance profiles

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice