AWS DevOps Engineer Professional DOP-C01 – Question404 - AWS DevOps Engineer Professional DOP-C01

From a compliance and security perspective, which of these statements is true?

A. You do not ever need to rotate access keys for AWS IAM Users.
B. You do not ever need to rotate access keys for AWS IAM Roles, nor AWS IAM Users.
C. None of the other statements is true.
D. You do not ever need to rotate access keys for AWS IAM Roles.

Correct Answer: D

Explanation:

Explanation:
IAM Role Access Keys are auto-rotated by AWS on your behalf; you do not need to rotate them. The application is granted the permissions for the actions and resources that you have defined for the role through the security credentials associated with the role. These security credentials are temporary and we rotate them automatically. We make new credentials available at least five minutes prior to the expiration of the old credentials.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-am…