AWS Certified Solutions Architect – Professional SAP-C01 – Question237

In the context of IAM roles for Amazon EC2, which of the following is NOT true about delegating permission to make API requests?

A. You cannot create an IAM role.
B. You can have the application retrieve a set of temporary credentials and use them.
C. You can specify the role when you launch your instances.
D. You can define which accounts or AWS services can assume the role.

Correct Answer: A

Explanation:

Amazon designed IAM roles so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles as follows:

1. Create an IAM role.
2. Define which accounts or AWS services can assume the role.
3. Define which API actions and resources the application can use after assuming the role.
4. Specify the role when you launch your instances.
5. Have the application retrieve a set of temporary credentials and use them.

Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-am…