AWS Certified SysOps Administrator SOA-C01 – Question845

A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added.
Which additional actions should the Administrator take to control access? (Choose two.)

A.
Attach an IAM policy to the users or groups that require access to the EC2 instances.
B. Attach an IAM role to control access to the EC2 instances.
C. Create a placement group for the EC2 instances and add a specific tag.
D. Create a service account and attach it to the EC2 instances that need to be controlled.
E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.