AWS Certified Developer Associate DVA-C01 – Question348

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.
Which solution meets these requirements?

A.
Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.
B. Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.
C. Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.
D. Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

Correct Answer: D